Raghu Kanchustambham wrote:
Hi,
Shouldnt session.invalidate() log me out?
request.getSession().invalidate();
try {
response.sendRedirect("home.jsp");
} catch (IOException e) {
e.printStackTrace();
}
I am using JAAS Basic authentication on tomcat. When the above code is
executed and the redirection happens back, i expected that login box will
pop up again asking me my user id and password. But nothing of this sort is
happening.
When I first time hit the home.jsp .. the box pops up and authenticates me.
Should I not expect the same behavior from the above code. which first
invalidates my present session and then sends a redirect to the home.jsppage?
Can someone throw some light on what is happening?
Thanks.
Raghu
The problem is that there's no way to tell the browser to relinquish
HTTP authentication info, so when you redirect your app sends an
authentication challenge and the browser automatically responds with the
credentials you supplied the first time. There's no way to force
browsers to prompt again. That's one of the drawbacks of using HTTP
authentication.
L.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
