I have set up JBoss-3.0.1/Tomcat-4.0.4 with the DatabaseServerLoginModule and it seems to work allright but I still have some issues.
My testing web-application contains the following files:
Logging in seems to work quite allright. But after having logged in, I also want to be able to log out, right? Right, so I have set up /auth/logout.jsp so that it invalidates the session and then redirects to the main page using an HTTP refresh. So far so good, the first time I access the logout-page, it works perfectly. However, every subsequent time I access logout.jsp, it seems I'm just getting a cached response and the session is not actually invalidated. Am I missing something here?
PS. I have included the sources for your convenience.
As I was writing my own post, it somehow occurred to me that the problem may lie in the fact that I used a timed redirect ie.
<meta http-equiv="refresh" content="2;URL=<%=request.getContextPath()%>">
So I tried response.sendRedirect() instead and whaddaya know... It works! I still don't understand it though!! Someone care to explain this?