This week's book giveaway is in the Design forum.
We're giving away four copies of Building Microservices and have Sam Newman on-line!
See this thread for details.
The moose likes Servlets and the fly likes form-based authentication - logout Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Building Microservices this week in the Design forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "form-based authentication - logout" Watch "form-based authentication - logout" New topic

form-based authentication - logout

Daniel Rhoades
Ranch Hand

Joined: Jun 30, 2004
Posts: 186
When using the container's form-based authentication to login, is there a method to logout? Or do you have to manually re-write the HTTP headers to clear the authentication?

Drinking more tea is the key...
Daniel Rhoades
Ranch Hand

Joined: Jun 30, 2004
Posts: 186
Interesting... using tomcat just calling invalidate() on the session object did it... I didn't think it stored that info in the session object.
David O'Meara

Joined: Mar 06, 2001
Posts: 13459

Yep, that works in most Application servers. But not IBM Websphere
I agree. Here's the link:
subject: form-based authentication - logout
It's not a secret anymore!