Hi everyone,
Having this same problem.
My web.xml file looks something like this :
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>testrealm</realm-name>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>Test</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>master</role-name>
</auth-constraint>
</security-constraint>
I manage to login properly and all that.
Then I created a method on a servlet that basically just calls getSession from the response and invalidate() that session.
I refresh the page of my application and apparently I'm still logged in, or at least it does not prompt me to insert credentials again.
Any thoughs ?
Thanks
[Message sent by forum member 'syshex' (rui.pereira_at_jbaysolutions.com)]
http://forums.java.net/jive/thread.jspa?messageID=378515