1 Reply Latest reply on Jun 25, 2003 2:50 PM by petertje

Deauthentication ?

andyjeff Jun 24, 2003 6:10 AM

Don't think the J2EE spec covers this.

Anyone know if this is possible ?
A client authenticates with a web system (setting the UserPrincipal), and then wants to logout, and have the user principal removed from their HttpSession ?

TIA

1. Re: Deauthentication ?

petertje Jun 25, 2003 2:50 PM (in response to andyjeff)

The servlet spec states that the user is logged out when the session is invalidated. That's about it, i'm afraid.
Actions