-
1. Re: FORM based authenticated session not logged out properly
mp30130 Dec 12, 2006 1:27 AM (in response to mp30130)Ok; I have simplified my test and removed my portal from the equation; I am simply using JSPs and the LdapExtLoginModule, and BASIC authentication. I still observe the same issue ? where I am granted access to resources when I would expect to have to re-login after invalidating my session.
I have a secure directory which has a resource constraint on it. In the secure directory, I have a invalidate.jsp file. When this jsp file is visited, I invalidate the session. I would then expect I would not be able to visit any other pages under my secure directory; rather, I would expect that I would be prompted to login again if I visit another page under my secure directory. It appears that even though I have set flushOnSessionInvalidation=true in my jboss-web.xml configuration, it appears that caching is still going on and the LdapExtLoginModule.login is being called w/o having me needing to reenter the password through the BASIC authentication dialog box.
Here is the output from my simplified test program. The session invalidation occurs at
2006-12-11 23:22:47,446 and the auto re-login occurs at 2006-12-11 23:23:28,886. How do I disable this caching and force a re-login?2006-12-11 23:22:44,304 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[SecretProtection]' against GET /pages/secure/invalidate.jsp --> false 2006-12-11 23:22:44,304 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure pages]' against GET /pages/secure/invalidate.jsp --> true 2006-12-11 23:22:44,305 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[SecretProtection]' against GET /pages/secure/invalidate.jsp --> false 2006-12-11 23:22:44,305 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure pages]' against GET /pages/secure/invalidate.jsp --> true 2006-12-11 23:22:44,305 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission() 2006-12-11 23:22:44,305 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions 2006-12-11 23:22:44,305 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate() 2006-12-11 23:22:44,305 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Begin authenticate, username=testuser 2006-12-11 23:22:44,306 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] Begin isValid, principal:testuser, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@bcecc7[Subject(7838822).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)),credential.class=java.lang.String@21479899,expirationTime=1165899151778] 2006-12-11 23:22:44,306 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@bcecc7[Subject(7838822).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)),credential.class=java.lang.String@21479899,expirationTime=1165899151778];credential.class=java.lang.String@21479899 2006-12-11 23:22:44,306 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] End validateCache, isValid=true 2006-12-11 23:22:44,306 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] End isValid, true 2006-12-11 23:22:44,306 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] User: testuser is authenticated 2006-12-11 23:22:44,306 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject: Principal: testuser Principal: Roles(members:trader) , sc=org.jboss.security.SecurityAssociation$SubjectContext@d34b8c{principal=testuser,subject=325274} 2006-12-11 23:22:44,306 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@bcecc7[Subject(7838822).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)),credential.class=java.lang.String@21479899,expirationTime=1165899151778] 2006-12-11 23:22:44,306 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Mapped from input principal: testuserto: testuser 2006-12-11 23:22:44,306 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=org.jboss.security.SecurityAssociation$SubjectContext@d34b8c{principal=testuser,subject=325274} 2006-12-11 23:22:44,307 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] getUserRoles, subject: Subject: Principal: testuser Principal: Roles(members:trader) 2006-12-11 23:22:44,307 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] End authenticate, principal=GenericPrincipal[testuser(trader,)] 2006-12-11 23:22:44,307 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Authenticated 'testuser' with type 'BASIC' 2006-12-11 23:22:44,307 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling accessControl() 2006-12-11 23:22:44,307 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Checking roles GenericPrincipal[testuser(trader,)] 2006-12-11 23:22:44,307 DEBUG [org.apache.catalina.realm.RealmBase] Username testuser has role trader 2006-12-11 23:22:44,307 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] No role found: trader 2006-12-11 23:22:44,307 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Successfully passed all security constraints 2006-12-11 23:22:44,307 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, callerGenericPrincipal[testuser(trader,)] 2006-12-11 23:22:44,307 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null 2006-12-11 23:22:44,307 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Restoring principal info from cache 2006-12-11 23:22:44,307 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject: Principal: testuser Principal: Roles(members:trader) , sc=org.jboss.security.SecurityAssociation$SubjectContext@1da1845{principal=testuser,subject=325274} 2006-12-11 23:22:44,307 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null 2006-12-11 23:22:44,307 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null 2006-12-11 23:22:46,648 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1165897366647 sessioncount 0 2006-12-11 23:22:46,648 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 1 expired sessions: 0 2006-12-11 23:22:46,648 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1165897366648 sessioncount 0 2006-12-11 23:22:46,648 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0 2006-12-11 23:22:47,435 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Session Created with id=1C3E4585A5D9B5916FB1C2B2DDC911C9 2006-12-11 23:22:47,446 INFO [STDOUT] Invalidating session... 2006-12-11 23:22:47,446 INFO [STDOUT] ***** request = org.apache.catalina.connector.RequestFacade@1024864 2006-12-11 23:22:47,447 DEBUG [org.apache.catalina.realm.RealmBase] Username testuser has role trader 2006-12-11 23:22:47,447 INFO [STDOUT] Invalidating the session: org.apache.catalina.session.StandardSessionFacade@deb65f 2006-12-11 23:22:47,447 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Session Destroy with id=1C3E4585A5D9B5916FB1C2B2DDC911C9 2006-12-11 23:22:47,450 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=org.jboss.security.SecurityAssociation$SubjectContext@1da1845{principal=testuser,subject=325274} 2006-12-11 23:22:47,450 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Jacc Subject = Subject: Principal: testuser Principal: Roles(members:trader) 2006-12-11 23:22:47,450 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] securityDomain=mydomain 2006-12-11 23:22:47,450 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Authenticated Principal=testuser2006-12-11 23:22:47,450 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Before flush of authentication cache:: 2006-12-11 23:22:47,451 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Number of authenticated principals remaining in cache=1 2006-12-11 23:22:47,451 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Authenticated principal in cache=testuser 2006-12-11 23:22:47,451 TRACE [org.jboss.security.plugins.JaasSecurityManager$DomainInfo] destroy, subject=Subject: Principal: testuser Principal: Roles(members:trader) , this=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@bcecc7[Subject(7838822).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)),credential.class=java.lang.String@21479899,expirationTime=1165899151778], activeUsers=0 2006-12-11 23:22:47,451 TRACE [org.jboss.security.plugins.JaasSecurityManager$DomainInfo] logout, subject=Subject: Principal: testuser Principal: Roles(members:trader) , this=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@bcecc7[Subject(7838822).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)),credential.class=java.lang.String@21479899,expirationTime=1165899151778] 2006-12-11 23:22:47,451 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] logout 2006-12-11 23:22:47,451 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] After flush of authentication cache:: 2006-12-11 23:22:47,451 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Number of authenticated principals remaining in cache=0 2006-12-11 23:22:47,452 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null 2006-12-11 23:22:47,452 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null 2006-12-11 23:22:47,453 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null 2006-12-11 23:22:47,453 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] End invoke, callerGenericPrincipal[testuser(trader,)] 2006-12-11 23:22:47,453 TRACE [org.jboss.security.SecurityAssociation] clear, server=true 2006-12-11 23:22:56,650 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1165897376650 sessioncount 0 2006-12-11 23:22:56,650 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0 2006-12-11 23:23:16,653 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1165897396653 sessioncount 0 2006-12-11 23:23:16,653 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0 2006-12-11 23:23:16,653 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1165897396653 sessioncount 0 2006-12-11 23:23:16,653 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /testsec/pages/ 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[SecretProtection]' against GET /pages/ --> false 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure pages]' against GET /pages/ --> false 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[SecretProtection]' against GET /pages/ --> false 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure pages]' against GET /pages/ --> false 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[SecretProtection]' against GET /pages/ --> false 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure pages]' against GET /pages/ --> false 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[SecretProtection]' against GET /pages/ --> false 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure pages]' against GET /pages/ --> false 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.realm.RealmBase] No applicable constraint located 2006-12-11 23:23:20,539 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Not subject to any constraint 2006-12-11 23:23:20,539 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, callernull 2006-12-11 23:23:20,539 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null 2006-12-11 23:23:20,539 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null 2006-12-11 23:23:20,539 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null 2006-12-11 23:23:20,541 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null 2006-12-11 23:23:20,541 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null 2006-12-11 23:23:20,541 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null 2006-12-11 23:23:20,541 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] End invoke, callernull 2006-12-11 23:23:20,541 TRACE [org.jboss.security.SecurityAssociation] clear, server=true 2006-12-11 23:23:28,885 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /testsec/pages/secure/ 2006-12-11 23:23:28,885 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[SecretProtection]' against GET /pages/secure/ --> false 2006-12-11 23:23:28,885 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure pages]' against GET /pages/secure/ --> true 2006-12-11 23:23:28,885 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[SecretProtection]' against GET /pages/secure/ --> false 2006-12-11 23:23:28,885 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure pages]' against GET /pages/secure/ --> true 2006-12-11 23:23:28,885 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission() 2006-12-11 23:23:28,885 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions 2006-12-11 23:23:28,885 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate() 2006-12-11 23:23:28,885 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Begin authenticate, username=testuser 2006-12-11 23:23:28,886 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] Begin isValid, principal:testuser, cache info: null 2006-12-11 23:23:28,886 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] defaultLogin, principal=testuser 2006-12-11 23:23:28,886 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(mydomain), authInfo=AppConfigurationEntry[]: [0] LoginModule Class: org.jboss.security.auth.spi.LdapExtLoginModule ControlFlag: LoginModuleControlFlag: required Options:name=roleFilter, value=(memberUid={0}) name=baseFilter, value=(uid={0}) name=bindCredential, value=somePortal name=bindDN, value=cn=SomePortal,dc=somebrokerage,dc=com name=roleRecursion, value=-1 name=java.naming.provider.url, value=ldap://ldapserver:389 name=roleAttributeID, value=cn name=baseCtxDN, value=dc=somebrokerage,dc=com name=rolesCtxDN, value=ou=Group,dc=somebrokerage,dc=com 2006-12-11 23:23:28,886 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] initialize, instance=@8443349 2006-12-11 23:23:28,886 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] login 2006-12-11 23:23:28,906 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] Assign user to role trader 2006-12-11 23:23:28,907 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] User 'testuser' authenticated, loginOk=true 2006-12-11 23:23:28,907 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] commit, loginOk=true 2006-12-11 23:23:28,907 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] defaultLogin, lc=javax.security.auth.login.LoginContext@56c88c, subject=Subject(25727428).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)) 2006-12-11 23:23:28,907 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] updateCache, inputSubject=Subject(25727428).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)), cacheSubject=Subject(18477885).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)) 2006-12-11 23:23:28,907 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] Inserted cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@b041f3[Subject(18477885).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)),credential.class=java.lang.String@21479899,expirationTime=1165899151778] 2006-12-11 23:23:28,907 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] End isValid, true 2006-12-11 23:23:28,907 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] User: testuser is authenticated 2006-12-11 23:23:28,907 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject: Principal: testuser Principal: Roles(members:trader) , sc=org.jboss.security.SecurityAssociation$SubjectContext@1b9e1e7{principal=testuser,subject=10368983} 2006-12-11 23:23:28,908 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@b041f3[Subject(18477885).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)),credential.class=java.lang.String@21479899,expirationTime=1165899151778] 2006-12-11 23:23:28,908 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Mapped from input principal: testuserto: testuser 2006-12-11 23:23:28,908 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=org.jboss.security.SecurityAssociation$SubjectContext@1b9e1e7{principal=testuser,subject=10368983} 2006-12-11 23:23:28,908 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] getUserRoles, subject: Subject: Principal: testuser Principal: Roles(members:trader) 2006-12-11 23:23:28,908 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] End authenticate, principal=GenericPrincipal[testuser(trader,)] 2006-12-11 23:23:28,908 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Authenticated 'testuser' with type 'BASIC' 2006-12-11 23:23:28,908 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling accessControl() 2006-12-11 23:23:28,908 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Checking roles GenericPrincipal[testuser(trader,)] 2006-12-11 23:23:28,908 DEBUG [org.apache.catalina.realm.RealmBase] Username testuser has role trader 2006-12-11 23:23:28,908 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] No role found: trader 2006-12-11 23:23:28,908 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Successfully passed all security constraints 2006-12-11 23:23:28,908 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, callerGenericPrincipal[testuser(trader,)] 2006-12-11 23:23:28,908 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null 2006-12-11 23:23:28,908 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Restoring principal info from cache 2006-12-11 23:23:28,909 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject: Principal: testuser Principal: Roles(members:trader) , sc=org.jboss.security.SecurityAssociation$SubjectContext@1642565{principal=testuser,subject=10368983} 2006-12-11 23:23:28,909 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null 2006-12-11 23:23:28,909 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null 2006-12-11 23:23:28,910 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null 2006-12-11 23:23:28,910 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null 2006-12-11 23:23:28,910 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null 2006-12-11 23:23:28,910 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] End invoke, callerGenericPrincipal[testuser(trader,)] 2006-12-11 23:23:28,910 TRACE [org.jboss.security.SecurityAssociation] clear, server=true 2006-12-11 23:23:36,657 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1165897416657 sessioncount 0 2006-12-11 23:23:36,657 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0 2006-12-11 23:23:36,657 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1165897416657 sessioncount 0 2006-12-11 23:23:36,657 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
-
2. Re: FORM based authenticated session not logged out properly
starksm64 Dec 16, 2006 8:52 AM (in response to mp30130)BASIC auth sends credentials regardless of the session state. There is no way to force the browser to redisplay its basic login.
-
3. Re: FORM based authenticated session not logged out properly
jdsignature Nov 30, 2007 4:40 PM (in response to mp30130)what about the form based authentication