"juggl" wrote:
I am using jboss-3.2.1_tomcat-4.1.24 and have set up
SSO according to info from b. stansberry.
It seems to me that there is no way to actually logout
a user. If I do a session.invalidate only the current session
is invalidated but the sso id and the other associated sessions are still available.
From what I have seen from servlet spec 2.4 there is a
new method logout which seems to be exactly for the
purpose of finishing all sessions.
Is there any workaround for this?
Thanks for any info.
the current