Hi, I havent found a real solution for this problem, even when it is really common...
I have this context:
application running on Glassfish Server v3.1, JDK6. All in my personal computer with WinVista (This last should not be important).
- Using SSL and Basic authentication (Security of the container)
- I have done my logout() method in my backing bean invalidating the session and sending a redirect.
I can not make the container show again the Login box to validate the user, and be able to change of user... And my user always can go back, pressing the BACK button in the browser or just writing the URL, and continue doing thnigs there when is supposed that there should not be a existing session.
I am getting the name of the user the my backing bean is created:
And I use this name to perform operations...
Then for logout my xhtml has the code:
That calls this method in my bean::
I am declaring my backing bean with:
...Also I was doing the redirect from the the deployment descriptor... and it was the same.
If I close the browser the the session is lost and the container ask me again for user/pass.
Thanks a lot!