Chema,

On 9/16/2011 1:25 PM, Chema wrote:
>> 
>> Presumably, you are using CLIENT-CERT as your <auth-method>?
> 
> No, [I am using] FORM method

Hmm. HttpSession.invalidate() *is* the proper way to terminate a
"FORM" authentication login.

> session.invalidate();
> org.apache.tomcat.util.net.SSLSessionManager mgr =
>     (org.apache.tomcat.util.net.SSLSessionManager) request.getAttribute("javax.servlet.request.ssl_session_mgr");
> mgr.invalidateSession();

You don't need this SSL stuff. HttpSession.invalidate() ought to do
the trick.

> response.setHeader("Connection", "close");

This is optional, and not usually necessary.

> but it didn't work. Has anyone worked with realm + SSL? Anyone?

This definitely works.

Are you saying that when you use HTTP instead of HTTPS, logouts work?
That sounds really strange.

Please post the relevant sections of web.xml and server.xml, and be
sure to remove any sensitive information.

-chris

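A logout handler along the lines discussed in this thread, given as an added example rather than code from either poster or from Tomcat. The class name `LogoutServlet`, its URL mapping and the redirect target `/index.jsp` are assumptions, and it uses only the standard `javax.servlet` API with no SSL session handling.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical logout servlet; map it to a URL such as /logout in web.xml.
public class LogoutServlet extends HttpServlet {

    // Only POST is implemented, so a plain link or image request (GET)
    // gets HttpServlet's default 405 response and cannot end the session.
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // getSession(false) returns null when there is no session,
        // instead of creating a new one just to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            // For FORM authentication the login is tied to the HttpSession,
            // so invalidating the session terminates the login.
            session.invalidate();
        }

        // Redirect to a page outside any <security-constraint> (assumed path).
        // Redirecting to a protected page would show the login form at once.
        response.sendRedirect(request.getContextPath() + "/index.jsp");
    }
}
```

To check the result, request a protected URL after logging out: the container should present the login form again, whether the application is reached over HTTP or HTTPS.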