[jboss-user] [Tomcat, HTTPD, Servlets & JSP] - How to invalidate SSL Session?
venia
do-not-reply at jboss.com
Fri Jan 5 10:43:09 EST 2007
Is there any ways to invalidate SSL session (ex. SSLSession.invalidate()) in the web application?
The problem is that we are using client certificate authentication and after the user performs logout on re-login we need to check his client certificate again without restarting the browser. The only way to do so is to invalidate SSL session on logout.
In the Servlet specification 2.1 there was a special HTTP request attribute "javax.net.ssl.session" where SSLSession object were stored. In the latter versions there are no such an attribute.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3998295#3998295
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3998295
More information about the jboss-user
mailing list