-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chema,
On 8/12/2011 2:56 PM, Chema wrote: >> Why bother? >> >> " As soon as the user logs out of one web application (for example, >> by invalidating the corresponding session if form based login is >> used), the user's sessions in all web applications will be >> invalidated. Any subsequent attempt to access a protected resource >> in any application will require the user to authenticate himself or >> herself again. " > > Right. But the application requires than an administrator can expulse > an user. It's a client requirement. How do you accomplish that? By doing this SSO sniff-and-kill-session thing? It seems more straightforward to expire a particular webapp's session explicitly and let the SSO expire along with it. > So, I need to record all "SSO sessions" FYI, I made it using by > JSESSIONIDSSO cookie and works fine Doesn't that mean you'll have to re-run the same query just to expire the sessions in the other webapps? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk5JfTcACgkQ9CaO5/Lv0PAKZQCgnsSH7kzt62gdYvj0T0qjc7ES mcMAoJI36IqOKM39o/iRXj7xRblzKlWa =L/z6 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
