I have a page for "logout". The code is:
<%
request.getSession().invalidate();
System.err.println((new
com.sun.appserv.security.ProgrammaticLogin()).logout(request, response,
true));
response.sendRedirect(request.getContextPath()+"?_br_lastMessage=Saída
do sistema com sucesso!");
%>
I expect session is invalidated, the user is logout, and redirected to
index page.
Sometimes, session stay existing, user is not logged out (besides "true"
appear on log), and authentication is not asked again.
Occur in Glassfish (standalone, started from NB) and SunApp Server 9
(running as service).
Problem is shown randomly.
Richter