Hello,
I have a problem in logout mechanism for my web app. For logging in I use Digest Authentication. Here is how things go:
1. On the same web app I first used Form Authentication and on each
jsp page I created I used, on logout, bellow code:
session.invalidate();
response.sendRedirect("samepage.jsp";
2. Next, again on the same web app, I only changed <login-config> tag in web.xml, in order to achieve Digest Authentication, as bellow:
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>Authentication Area</realm-name>
</login-config>
Then, login procedure worked OK, but on log out, I still could access the secured jsp pages (as defined in web.xml)
Is there a problem in logout mechanism for Digest Authentication? How could I manage to logout?
Thanks in Advance for your answer.