Damn..! I was hoping I had forgotten something, or had it wrong. Looks like
I'm in trouble with my customer now.
I can workaround it if I use "j_security_check" for the FORM login, and a bit
of javascript to call a server side action to execute my post login code.
Have to see how secure that setup is, but that's the best I have right now.
The problem is the logout() method; I cannot get the user logged out, since
calling request.logout() will only log him off the current application he's
using. If he clicks back on the browser, suprise! He's logged in again.
Any tips on how I could overcome that? I'm trying to figure it out for a
while now..
--
[Message sent by forum member 'javabeats']
View Post: http://forums.java.net/node/884442