luehe 2004/09/20 19:08:55
Modified: webapps/docs/config host.xml
Log:
Restored bullet about logout (but not session expiration!) invalidating all sessions
associated with SingleSignOn entry.
Revision Changes Path
1.11 +6 -0 jakarta-tomcat-catalina/webapps/docs/config/host.xml
Index: host.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/config/host.xml,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- host.xml 20 Sep 2004 18:25:43 -0000 1.10
+++ host.xml 21 Sep 2004 02:08:55 -0000 1.11
@@ -458,6 +458,12 @@
utilized for access control decisions across <strong>all</strong>
of the associated web applications, without challenging the user
to authenticate themselves to each application individually.</li>
+ <li>As soon as the user logs out of one web application (for example,
+ by invalidating the corresponding session if form
+ based login is used), the user's sessions in <strong>all</strong>
+ web applications will be invalidated. Any subsequent attempt to
+ access a protected resource in any application will require the
+ user to authenticate himself or herself again.</li>
<li>The Single Sign On feature utilizes HTTP cookies to transmit a token
that associates each request with the saved user identity, so it can
only be utilized in client environments that support cookies.</li>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
