nvalidation.
The only way to execute a logout from FORM auth is session.invalidate();
p
> This last step maybe the missing link.
>
> -Original Message-
> From: Martin O'Shea [mailto:app...@dsl.pipex.com]
> Sent: 22 Sep 2011 19 49
> To: 'Tomcat Users List&
Message-
From: Martin O'Shea [mailto:app...@dsl.pipex.com]
Sent: 22 Sep 2011 19 49
To: 'Tomcat Users List'
Subject: RE: Session management issue with Tomcat
To answer your questions:
Is there a reason this data is in a custom cookie, rather than the session,
via setAttribute
On 22/09/2011 19:49, Martin O'Shea wrote:
> To answer your questions:
>
> Is there a reason this data is in a custom cookie, rather than the
> session, via setAttribute()?
>
> The cookie is dedicated and meant to be persistent. The idea is that a user
> is recognised by the system upon returning
Just noticing something here, and ading my grain of salt :
Martin O'Shea wrote:
...
The underlying principle here is that if multiple users use the same PC,
(with or without logging out/in ?)
and
maybe even the same session in a browser, a single cookie is used to store a
userid. Various
To answer your questions:
Is there a reason this data is in a custom cookie, rather than the
session, via setAttribute()?
The cookie is dedicated and meant to be persistent. The idea is that a user
is recognised by the system upon returning to the website after having been
away for some time. Hen
cookieName parameter here is the name of the cookie which is myAppUser
>
> This all seems to work fine.
>
> -----Original Message-
> From: Martin O'Shea [mailto:app...@dsl.pipex.com]
> Sent: 22 Sep 2011 14 03
> To: 'Tomcat Users List'
> Subject: RE: Session
com]
Sent: 22 Sep 2011 14 03
To: 'Tomcat Users List'
Subject: RE: Session management issue with Tomcat
Shanti
I was thinking that this was the problem and at the moment I have been
trying to force the pages to reload from the server by using a filter to
prevent brow
On 22/09/2011 13:56, Shanti Suresh wrote:
> Hi Martin,
>
> You will have to expire/invalidate the session in the code upon user logout.
> This way when the cookie comes in, there is no corresponding session-ID and
> the system will create a new session. Are you doing that already? Does that
7
To: Tomcat Users List
Subject: Re: Session management issue with Tomcat
Hi Martin,
You will have to expire/invalidate the session in the code upon user logout.
This way when the cookie comes in, there is no corresponding session-ID and
the system will create a new session. Are you doing that
Hi Martin,
You will have to expire/invalidate the session in the code upon user logout.
This way when the cookie comes in, there is no corresponding session-ID and the
system will create a new session. Are you doing that already? Does that help?
-Shanti
On Sep 20, 2011, at 1:2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martin,
On 9/18/2011 11:05 AM, Martin O'Shea wrote:
> I have a situation where I'm using Tomcat 6.0.26 but the logging in
> / out of the application is not authenticated via Tomcat's:
>
> action='<%= response.encodeURL("j_security_check") %>' >
>
>
Hello
I have a situation where I'm using Tomcat 6.0.26 but the logging in / out of
the application is not authenticated via Tomcat's:
action='<%= response.encodeURL("j_security_check") %>' >
method.
The current system allows cookies to store userids which are used to show
recent lis
12 matches
Mail list logo
