Hi Eric,

Thank you for verifying that. I've actually made my own authentication before, but when I read about container-managed authentication I realised that that was exactly what I was looking for.

Is there any reason for keeping the user's login as a session attribute, or is it better to use request.getRemoteUser()? What's the praxis?

Markus

On Friday, June 7, 2002, at 09:12, Eric Everman wrote:

> Prior to the Servlet 2.3 spec, it was ambiguous as to when a client was
> no longer logged in. The 2.3 servlet spec states that a client is
> logged out when their session is invalidated. So if Tomcat works as
> advertised, session.invalidate() should do what you expect.
>
> Eric Everman
>
> At 12:49 PM 6/7/2002, you wrote:
>> Hi,
>> I use a JDBC Realm with FORM based authentication but haven't figured
>> out a way for users to log out. Is it just to call
>> session.invalidate() or is there any better way to do it?
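
A logout servlet for the approach discussed in this thread, added here as an example and not code from either poster or from Tomcat. The class name `LogoutServlet` and the redirect target `/index.jsp` are assumptions, and the servlet still has to be mapped to a URL in web.xml.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet name; map it to a URL such as /logout in web.xml.
public class LogoutServlet extends HttpServlet {

    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Container-managed identity; null if the caller is not authenticated.
        String user = request.getRemoteUser();

        // getSession(false) avoids creating a new session just to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            // Per the Servlet 2.3 rule quoted above, this ends the login.
            session.invalidate();
            log("Logout: session invalidated for user " + user);
        }

        // Keep the browser from re-displaying protected pages out of its cache.
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);

        // Assumed public landing page (not from the thread).
        response.sendRedirect(request.getContextPath() + "/index.jsp");
    }
}
```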