On 03/08/2010 13:49, DJP JEAN-PROST Dominique wrote: > -----Message d'origine----- > De : Pid [mailto:p...@pidster.com] > Envoyé : mardi 3 août 2010 14:45 > À : Tomcat Users List > Objet : Re: [SingleSignOn Valve] Overriding deregister(String) method > > > Potentially silly questions: > > #1 how is one supposed to logout of all apps? > [Dominique Jean-Prost] I don't need this feature > #2 what's the reason for using a half functional SSO valve? > [Dominique Jean-Prost] From y point of view (and from what I need) the SSO > valve is aimed at preventing user to enter login/password each time he wants > to access a new webapp. It shouldn't mean that because he used this feature > he should log out for all the webapp he accessed. > > That's why I would like to "enhance" tomcat's valve so that it meets my > requirements. My question is : will I introduce such a change so that tomcat > wouldn't work (is the fact that the valve runs this way is a requirement for > tomcat ?)
Tomcat won't care. The user won't be able to logout in the normal sense (since the SSO valve will sign them back in again) but logging out should invalidate the session associated with that web app which is what I suspect you want. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
