I'm using Tomcat 5.5 for my web application. I have a login link and I told tomcat to authenticate the request sent by the login link via the deployment descriptor. The problem is that now I don't know how to log a user out. Is there a way to de-authenticate a client?
If you're talking about BASIC authentication -the kind where you enter username/password into a little dialog box popped open by the browser- then this is not possible. Once the browser knows it, it will always send it, until you quit it.