that's it. What I meant is request.logout() = session invalidation + cleanup if needed. In other word don't suppose session.invalidate() = logout.
Romain Manni-Bucau Twitter: @rmannibucau Blog: http://rmannibucau.wordpress.com/ LinkedIn: http://fr.linkedin.com/in/rmannibucau Github: https://github.com/rmannibucau 2014-05-23 14:07 GMT+02:00 hwaastad <[email protected]>: > OK, > any hints you can give me on how to logout a web service client request > protected by basic auth and JAAS? > > Usually what I've seen (and done) is standard servlet 3.0 logout. > > br hw > > > > -- > View this message in context: > http://openejb.979440.n4.nabble.com/Asynchronous-principal-propagation-tp4669547p4669603.html > Sent from the OpenEJB User mailing list archive at Nabble.com. >
