I face this strange problem while developing the logout screen for our client's appln. We have a SSO based siteminder that'll do the authentication for our application. Whenr the user clicks on the logout button, we are killing the session by invoking the invalidate() method on the session object and then the response is redirected to the logout page. We are not closing the page. If the user requests the some page in our application now, we expect the siteminder to prompt for login id/password , which is not happening. Am I supposed to do something extra after invalidating the session. I guess i need to kill some info that the siteminder has stored regarding the user session. Can someone throw light on this ?
When the user request for the page ,you can check whether the session is alive,and you can redirect the request to the login page..(If I understood your query ?)
Cheers. ------------ Sunil
Joined: May 11, 2005
Yeah sunil thats very much possible. But i dont want to explicitly call the siteminder (May be I'll have it as the last option ). Our siteminder is functioning well. If a new browser is opened and a request is made to some page in the application, the siteminder prompts for the login id/password. It fails to do so when the user logs out and requests for some page then.