The problem is, that one cannot "logout" with auth-method "BASIC" without
changing the realm-name, as
the browser caches the credentials and sends it to the server again.
I suggest you switch to a different auth-method (e.g. form).
On Mon, Jan 4, 2010 at 4:02 PM, <glassfish_at_javadesktop.org> wrote:
> Hi everyone,
>
> Having a problem which is I cannot logout my user that was authenticated on
> a fileRealm realm.
>
> My web.xml file looks something like this :
>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>testrealm</realm-name>
> </login-config>
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Test</web-resource-name>
> <url-pattern>/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>master</role-name>
> </auth-constraint>
> </security-constraint>
>
> I manage to login properly and all that.
> Then I created a method on a servlet that basically just calls getSession
> from the response and invalidate() that session.
>
> I refresh the page of my application and apparently I'm still logged in, or
> at least it does not prompt me to insert credentials again.
>
> Any thoughs ?
> Thanks
> [Message sent by forum member 'syshex' (rui.pereira_at_jbaysolutions.com)]
>
> http://forums.java.net/jive/thread.jspa?messageID=378577
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
--
Dominik Dorn
http://dominikdorn.com