Is it programmatically possible, from the server side, to tell a web browser to discard a previous authentication without sending a 401 to the browser via a header?
I am using Jaas via DatabaseLogin and am having one hell of a time figuring out how to accomplish a logout. One I got over the login hurdle, I figured the logout part would be a piece of cake. I was wrong.
Any suggestions for how to actually accomplish a real logout would be greatly appreciated.
Basic authentication will not allow you to log out a user without sending a 401 to flush the cached authorization. For this type of activity, you would need to rely on a custom scheme in your web application. We use form logins coupled with servlet session tracking to determine if users can view content.