Re: [PR] Add logout functionality to Manager and Host-Manager webapps [tomcat]

via GitHub Sun, 23 Nov 2025 07:32:00 -0800


stevearmstrong-dev commented on PR #924:
URL: https://github.com/apache/tomcat/pull/924#issuecomment-3568082606


   > The purpose is to destroy the session before the timeout happens?
   
     Yes, exactly. Without logout, authenticated sessions remain active until
     the 30-minute session timeout (configured in web.xml), browser close, or
     Tomcat restart.
   
     So user can logout and re-authenticate without waiting for timeout by 
invalidating the HTTP session and sends a 401 as response.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: [PR] Add logout functionality to Manager and Host-Manager webapps [tomcat]

Reply via email to