#: (Sameer Charles) changed the world a bit at a time by saying on 11/23/2005
7:40 PM :#
invalidating session will make sure its logged out on the server but
next time when you send the request from the same browser session it
will
be recreated.
Only way to force logout is to send back un-authorized header status
from your JSP which will force browser to show login dialog.
And what this really mean? What headers should be included in that response?
./alex
--
.w( the_mindstorm )p.
this will be solved when we will have form basel authentication
check this
http://jira.magnolia.info/browse/MAGNOLIA-87
regards
- Sameer
On Nov 23, 2005, at 5:26 PM, (Alexandru Popescu) wrote:
#: (Thomas Ferris Nicolaisen) changed the world a bit at a time by
saying on 11/23/2005 6:23 PM :#
1- I created a website, The site is running on the public instance
but
is need a user and password to acces the pages, After logging I
want to
logout the website? is there a way to do this? A interface button
or the
only way to leaving the session is closing the browser ?
Create a custom JSP or servlet that issues 'session.invalidate()'
(see J2EE docs). Then link to it via your custom made button, link
or whatever.
Thomas are you sure this is all that is needed?
I presumed that the login-information is stored in session the JSP
session-scope. Not sure how else it could be done.
I am not very sure about this. afaik Magnolia uses BASIC
authentication and this info is added to each request headers, so that
I don't think it is enough to clean the session.
I think Sameer can help us here. I am also looking at having this
functionality ;-).
./alex
--
.w( the_mindstorm )p.
----------------------------------------------------------------
for list details see
http://www.magnolia.info/en/magnolia/developer.html
----------------------------------------------------------------
