> How do you accomplish that? By doing this SSO sniff-and-kill-session
> thing? It seems more straightforward to expire a particular webapp's
> session explicitly and let the SSO expire along with it.
> Doesn't that mean you'll have to re-run the same query just to expire
> the sessions in the other webapps?
We have deployed many web applications on our Tomcat. The user goes from one to another and, from the user's point of view, he is in only one session. We store this 'only one session' in a database, so we use the JSESSIONIDSSO cookie.

Obviously, when a user logs out (closing the browser or clicking the logout button), we invalidate the particular session (JSESSIONID), and the Tomcat SSO feature is responsible for closing all of the other open sessions (as you say).

Maybe because of my bad English I didn't explain myself right.

Regards