1 Reply Latest reply on May 8, 2003 11:07 PM by jonlee

    Un-authentication: Basic Auth Logout

    talgolan

      Is it programmatically possible, from the server side, to tell a web browser to discard a previous authentication without sending a 401 to the browser via a header?

      I am using Jaas via DatabaseLogin and am having one hell of a time figuring out how to accomplish a logout. One I got over the login hurdle, I figured the logout part would be a piece of cake. I was wrong.

      Any suggestions for how to actually accomplish a real logout would be greatly appreciated.

      Peace,

      Tal

        • 1. Re: Un-authentication: Basic Auth Logout
          jonlee

          Basic authentication will not allow you to log out a user without sending a 401 to flush the cached authorization. For this type of activity, you would need to rely on a custom scheme in your web application. We use form logins coupled with servlet session tracking to determine if users can view content.