Hi-
We're using JAAS for webapp authentication and we've discovered an
issue: If user A is logged in and tries to log in as user B, they stay
logged in as user A. We know how to detect if a user's already
authenticated (we have some static objects stored on the session) but
we're not sure where to put the code that would detect whether user A
had an authenticated session and invalidate it before allowing them to
log in as user B.
I've tooled around with the LoginAction but am getting various Tomcat
errors (invalid reference to login page, attempt to post to
j_security_check and the servlet isn't available, etc...).
Any ideas?
--adam
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
