It seems I am invalidating another servlet than the one which authenticated the webapp. This confusion is because I am using Google Web Toolkit application template which not just a plain servlet application. I am now trying to invalidate all the sessions by calling HttpSession.logout(). I can see this API in a servlet book but in Eclipse it is not able to find out even with the latest JDK 1.7. May be I need to post this onto some Java forum...
On Wed, Jun 20, 2012 at 10:41 AM, javed Ansari <javid....@gmail.com> wrote: > Ok let me try this. But in any case once I call invalidate the JAASRealm > should automatically call the LoginModule.logout(). But my log suggest that > this is not happening. > > > On Wed, Jun 20, 2012 at 10:07 AM, Esmond Pitt <esmond.p...@bigpond.com>wrote: > >> ** >> You must never redirect to the login page: see the Servlet Spec. You >> should redirect to a page that *requires* a login, i.e. a role, e.g. in my >> system it is /mypage >> >> EJP >> >> ------------------------------ >> *From:* javed Ansari [mailto:javid....@gmail.com] >> *Sent:* Wednesday, 20 June 2012 2:30 PM >> *To:* Esmond Pitt >> *Cc:* Tomcat Users List >> *Subject:* Re: Apache tomcat (7.0.27) is not loading the user and role >> class for JAASRealm >> >> Ooops, I could not explain. Sorry for mess... >> >> I am invalidating in logout only **not** in login. >> Once I click on logout, I invalidate. Then I redirect to login page. Then >> if I try to login again the foresaid error comes (error code 408). >> On Wed, Jun 20, 2012 at 5:22 AM, Esmond Pitt <esmond.p...@bigpond.com>wrote: >> >>> Javed >>> >>> I don't know why you are invalidating the session when you log *in.* I >>> said >>> to invalidate it to log *out*. >>> >>> EJP >>> >>> >> >
