Hello,
I have a problem in logout mechanism for my web app. For logging in I use
Digest Authentication. Here is how things go:
1. On the same web app I first used Form Authentication and on each jsp page
I created I used, on logout, bellow code:
session.invalidate();
response.sendRedirect("samepage.jsp");
2. Next, again on the same web app, I only changed <login-config> tag in
web.xml, in order to achieve Digest Authentication, as bellow:
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>Authentication Area</realm-name>
</login-config>
Then, login procedure worked OK, but on log out, I still could access the
secured jsp pages (as defined in web.xml)
Is there a problem in logout mechanism for Digest Authentication? Is logout
not supported for diggest authentication? How could I manage to logout?
I use Tomcat6.
Thanks in Advance for your answer.
--
View this message in context:
http://old.nabble.com/Logout-mechanism-on-Digest-Authentication-tp27224384p27224384.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
