> From: Xiaojun Deng [mailto:xjde...@gmail.com] > Subject: Re: Tomcat SSO JSESSIONIDSSO value can't be reset by browser > > but the JSESSIONIDSSO value can't be reset, it keep the old cookie > value, and when login into the server again, it failed caused by using > a old cookie value, but the server have created a new session cookie.
Do any of your webapp <Context> elements have their own <Realm>? (They shouldn't.) Try setting requireReauthentication to true and let's see what happens. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
