HI I am using WL6.1 and have implemented formbased authentication. my problem is that i have a logout button on each page that is supposed to logout the user and bring back the login page. I tried using session.invalidate()...this somehow seems to be futile ..as the user is not actually logged off and still is able to access the secure pages. whats the common technique used for this?
posted 12 years ago
Can user access your security page without login in your program when they use it at first if they know that url?
After logout, the security page user can see is cache one or newest one? you can try to refresh that page to double check.