I answered this question yesterday. The short answer is that it's not possible to portably log users off if you're using BASIC authentication, because the browser keeps sending the credentials (with every request) until the user shuts down and restarts their browser.
The answer is to use form-based login instead. Craig On Mon, 7 Oct 2002, Alex Imbastari wrote: > Date: Mon, 7 Oct 2002 08:00:40 -0700 (PDT) > From: Alex Imbastari <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Session.invalidate() not working > > I'm using Tomcat 4.1 and I can't log off users via > session.invalidate(). I'm using Basic Authentication. > Can anyone help > > Thanks > Alex > > __________________________________________________ > Do you Yahoo!? > Faith Hill - Exclusive Performances, Videos & More > http://faith.yahoo.com > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
