Hello: Ive got a web application running on Tomcat 7, with SSL (https) and realm for authentication/authorization
When I invalidate() a session ( session.invalidate() ) , Tomcat doesn't know it and thinks that user is still logged in So, that user can get protected pages. Tomcat should return him a login window but doesn't If Tomcat doesn't use SSL , works fine, so I guess I'm not ending sessions properly with SSL activated Any example about how do it ? Anyone did it ? Thanks and regards --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
