Github user michael-o commented on a diff in the pull request:
https://github.com/apache/tomcat/pull/98#discussion_r195838254
--- Diff: java/org/apache/catalina/manager/host/HTMLHostManagerServlet.java
---
@@ -173,6 +177,36 @@ protected String add(HttpServletRequest request,String
name,
return stringWriter.toString();
}
+ /**
+ * Log out by invalidating the current session and sending 401
+ * in order to prompt user for new login upon next access.
+ *
+ * @param request The Servlet request
+ * @param response The Servlet response
+ */
+ protected void logout(HttpServletRequest request, HttpServletResponse
response) throws IOException {
+ response.setHeader("WWW-Authenticate","Basic realm=\"Login
required\"");
--- End diff --
I don't like this because you assume from within the code that the auth
mech is basic which is not always true.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
