Hello Cris, *After you call session.invalidation(), what does your code do, specifically? If you do a "forward" to a protected resource, strange things may happen with cookie-passing.*
After the session get's invalidate(on the server side) my code send back a request success to the UI and then the Ui redirect's my app to the protected resource. *Does your login form properly encode the session id into it's <form> action? Does your logout code properly encode the session id into the redirect URL? Have you enabled/disabled cookies in your web browser?* My cookies are enabled. But I don't know exactly if the login/logout code form properly encode the session id into it's <form>(how can I test that?) Thank you very much!!!! On Fri, Jun 4, 2010 at 12:24 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Gheorghe, > > On 6/3/2010 2:18 PM, Gheorghe Pucea wrote: > > By "when I get back to the login page" I mean that I log out from my app > and > > then I redirect my app to a restricted resource and when my login page > > appears I type my User/pass and the error occurs. > > > > I want to add something, when I log out and after I redirect my app to a > > protected resource the login page show's up if I hit the refresh button > on > > my browser and I type in my user/pass it works. > > After you call session.invalidation(), what does your code do, > specifically? If you do a "forward" to a protected resource, strange > things may happen with cookie-passing. > > Does your login form properly encode the session id into it's <form> > action? Does your logout code properly encode the session id into the > redirect URL? Have you enabled/disabled cookies in your web browser? > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkwIHaIACgkQ9CaO5/Lv0PD4egCfT9LLrkpGYO39bqTTki1arNoc > k+4An0eBb+93c9XYCgzNXnF4BZop8NTI > =lzIW > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >