> From: atul [mailto:[EMAIL PROTECTED] > Subject: Re: Force getting Client Cert from browser > > I tried invalidating httpsession but that didnt work.
I'm a bit surprised at that, but I haven't gone through the code enough to figure out why that didn't work. There's a tangentially related thread here: http://marc.info/?l=tomcat-user&m=120092922008604&w=2 > Also, in a deployment where if a machine is shared by > multiple users and user1 forgets to close the browser before > leaving, the user can log right in as user1. A problem in any environment that has shared access points, not unique to using certificates for client authentication. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
