Don't think the J2EE spec covers this.
Anyone know if this is possible ?
A client authenticates with a web system (setting the UserPrincipal), and then wants to logout, and have the user principal removed from their HttpSession ?
TIA
The servlet spec states that the user is logged out when the session is invalidated. That's about it, i'm afraid.