• Post Reply Bookmark Topic Watch Topic
  • New Topic

Form-based Logout ???  RSS feed

 
Quan Zhang
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,
Nice to meet u here. I'm developing a web application on Websphere server using IIS and Basic Authorization (Configure Resource Sercurity for authorized group). Login was working fine and I got userid easily by request.getRemoteUser() method, but how to LOGOUT user??? i.e force user to login again without closing then re-opening the browser.
I tried some methods like using SSOAuthenticator, removing session, cookie... but it didn't work.
Does anyone give me advices?
Thanx in advance.
Kevin
 
Kyle Brown
author
Ranch Hand
Posts: 3892
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The problem is that WebSphere will not only drop the LTPA and SSO cookies (which they will remove) but that Basic authentication puts some header values in the HTTP headers that WebSphere won't remove. Since the browser keeps sending them it'll keep relogging you in each time you visit a protected page.
I think you'll have to zap the HTTP basic authentication headers, too.
Kyle
------------------
Kyle Brown,
Author of Enterprise Java (tm) Programming with IBM Websphere
See my homepage at http://members.aol.com/kgb1001001 for other WebSphere information.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!