https://bz.apache.org/bugzilla/show_bug.cgi?id=62048
--- Comment #7 from Marek Czernek <mczer...@redhat.com> --- Hi Mark, that is fair. However, would you lean towards accepting the PR if I managed to execute the logout with Javascript? I believe it might be possible to enforce the logout on other clients by sending a virtual GET with incorrect username and password on behalf of the user after the 401 flush. Or even if that worked, would you lean towards a wontfix? I understand either decision, and I'm asking only to know whether it is worth for me to spend more time on this BZ. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
