Hi, I'm trying to implement a feature that I think is missing, but I'm feeling pretty lost in the Tomcat sources. When SSL client authentication is used, I would like to be able to logout the user. I think this means that I need to call invalidate() on the SSLSession (I'm using the JSSE implementation). But, the SSLSession or SSLSocket is not available for the servlet code.
Does anyone have some hints on how this could be solved? Should I try to make the SSLSession available in a request parameter, or should the invalidate method call in some way be placed inside the server code? /Andreas --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
