Hi all,

I have a webapp (Tomcat 4.1.24) that has a set of jsp's in a protected
directoy. The user login is using form based authentication with a
memoryRealm. This is all working fine.

I am now trying to create a logout button. I have checked the archives and
found a number of threads on this issue. The advise seems to be:

* invalidate the session using session.invalidate();
* send an error code using response.sendError(response.SC_UNAUTHORIZED,
'Logged out');
* make usre that the page is not cached using:
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="0">

I have tried all of these and it still does not seem to work. After clicking
the logout button, I can still view the pages in the protected directory. My
button looks like this:

<input type="submit" name="id0" value="Logout"
onclick="session.invalidate();response.sendError(response.SC_UNAUTHORIZED,
'Logged out');" >

Thanks for any help that you can give me...

Patrick


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)