-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chema,
On 8/16/2011 4:33 AM, Chema wrote: >> How do you accomplish that? By doing this SSO >> sniff-and-kill-session thing? It seems more straightforward to >> expire a particular webapp's session explicitly and let the SSO >> expire along with it. Doesn't that mean you'll have to re-run the >> same query just to expire the sessions in the other webapps? > > > We've got deployed many web applications on our Tomcat. The user goes > from one to another and, for user's point of view , he is into a only > one session. We store into a database this 'only one session', so we > use JSESSIONIDSSO cookie > > Obviously, when an user logout (closing browser or clicking logout > button ), we invalidate the particular session (JSESSIONID ) and > Tomcat SSO feature is the responsible to close all of others > sessions opened ( as you says ) What I'm trying to say is that logging-out of any SSO webapp causes the sessions in all other webapps to expire. I think you are duplicating something that Tomcat already does for you. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk5K0MwACgkQ9CaO5/Lv0PC8xQCdHqOddPRihiBGXtu4FujZySVb QuIAn1oRizFKVdz0cnYgmDH4JeAlADmM =+1Hj -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
