struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cliff Rowley" <cl...@onsea.net>
Subject RE: How can I make my logout page not secure?
Date Mon, 23 Sep 2002 13:02:57 GMT
Now that makes perfect sense.

>-----Original Message-----
>From: Michael [mailto:michael@idtect.com] 
>Sent: 23 September 2002 13:50
>To: 'Struts Users Mailing List'
>Subject: RE: How can I make my logout page not secure?
>
>
>Ok, let's make it really simple for those who skipped their breakfast:
>
>A user logs in, uses the site, and then goes to lunch.  Two 
>hours later (or 30 minutes if you're in the US) the user 
>returns and sees the website.  He clicks on the logout link.  
>He gets a login page.  He enters his user id and password, and 
>then sees the "You have logged out" page.
>
>I agree it is confusing.  I feel that the user should never 
>get a login page when clicking on the logout link, and should 
>never get the logout page when logging in.  Yet with container 
>managed security protecting *.do this is exactly what happens.
>
>Michael
>
>> -----Original Message-----
>> From: Cliff Rowley [mailto:cliff@onsea.net]
>> Sent: lundi 23 septembre 2002 14:42
>> To: 'Struts Users Mailing List'
>> Subject: RE: How can I make my logout page not secure?
>> 
>> 
>> Ok, I'm obviously missing a chunk of knowledge somewhere -
>> but if you're already logged out, why do you want to log in - 
>> in order to log out and then log in again?  Also, what is the 
>> impact of closing your browser and opening a new one?  Do you 
>> get a new session?
>> 
>> Sorry if I'm way out there with the fairies.
>> 
>> >-----Original Message-----
>> >From: Michael [mailto:michael@idtect.com]
>> >Sent: 23 September 2002 13:19
>> >To: 'Struts Users Mailing List'
>> >Subject: RE: How can I make my logout page not secure?
>> >
>> >
>> >I have the session serialization turned off and when I restart 
>> >tomcat, I have to log out and log back in.  But to log out, 
>I have to 
>> >log in first.
>> >
>> >> Out of pure interest, why do you want logout unprotected?
>> People who
>> >> are logged out wont need to log out, will they?
>> >
>> >
>> >
>> >--
>> >To unsubscribe, e-mail:   
>> ><mailto:struts-user->unsubscribe@jakarta.apache.org>
>> >For
>> >additional commands,
>> >e-mail: <mailto:struts-user-help@jakarta.apache.org>
>> >
>> >
>> 
>> 
>> --
>> To unsubscribe, e-mail:   
>> <mailto:struts-user-> unsubscribe@jakarta.apache.org>
>> For
>> additional commands, 
>> e-mail: <mailto:struts-user-help@jakarta.apache.org>
>> 
>
>
>--
>To unsubscribe, e-mail:   
><mailto:struts-user->unsubscribe@jakarta.apache.org>
>For 
>additional commands, 
>e-mail: <mailto:struts-user-help@jakarta.apache.org>
>
>


--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message