AFAIK, the principal does stay in the current request, but won't be in the next. So what you need to do is invalidate the session, and then render another page (like Login or something) with setResponse page. Another option is to throw a RestartResponseException to immediately break off any processing.
Eelco On 6/8/06, Flavia Paganelli <[EMAIL PROTECTED]> wrote: > Hi! > I've been searching the list for an answer to this but couldn't find it. > I found several discussions about similar topics but not an answer to this. > > I want to implement logout when using BASIC authentication. > > Invalidating the session (Session.invalidate()) does not seem to work > because the user principal still remains in the request after the > session is invalidated. > > And it seems it's impossible to remove the user principal from the > request (servlet API HttpServletRequest does not implement > setUserPrincipal() or anything similar)... > > Any ideas? > > Thank you!! > > Flavia > > > > > _______________________________________________ > Wicket-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/wicket-user > _______________________________________________ Wicket-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/wicket-user
