Adam Gordon wrote:
We're using JAAS for webapp authentication and we've discovered an issue: If user A is logged in and tries to log in as user B, they stay logged in as user A.

Couldn't you protect the login form page and action so that they're only accessible by a session without any valid login credentials? That way the only way to log in as B would be to first log out as A (or in some other way start a new session w/o A's credentials).

-Dale
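
One way to implement the suggestion above, as an added example that is not part of the original message or of any project's code: a servlet filter mapped to the login form and login action that only lets sessions without credentials through. The class name and `LOGOUT_PATH` are hypothetical. It assumes the container's JAAS realm populates `getRemoteUser()` and that the login URLs are ones the container applies filters to.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example: keeps the login form and its action unreachable for a
 * session that already carries an authenticated user.
 * Map it in web.xml to the login page and login action URLs.
 */
public class AnonymousOnlyFilter implements Filter {

    // Hypothetical path; use the application's own logout URL.
    private static final String LOGOUT_PATH = "/logout";

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Assumption: the container's JAAS realm sets the remote user after login.
        if (request.getRemoteUser() == null) {
            // No credentials on this session: the login form/action may proceed.
            chain.doFilter(req, res);
            return;
        }

        // Already logged in as someone: never process a second login on this
        // session. Send the browser to logout first, so the login as B
        // starts from a fresh session instead of silently staying as A.
        response.setHeader("Cache-Control", "no-store");
        response.sendRedirect(response.encodeRedirectURL(
                request.getContextPath() + LOGOUT_PATH));
    }

    @Override
    public void destroy() { }
}
```

The logout handler behind `LOGOUT_PATH` is expected to call `HttpSession.invalidate()` so that the next login starts on a new session.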
