- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Wed, 07 May 2014 08:42:03 +0200
- To: "public-webid@w3.org" <public-webid@w3.org>
I don't claim knowing everything so please bear with me when I ask a simple question :-) Using JBoss and Tomcat (java-based) servers an HTTPS Client Certificate Authenticated session created from a browser *never terminates* regardless of session time-out settings because the TLS session has no link into the Java Servlet web session framework. Due to this neither manual logout or automatic logout work in such setups. Q1: how do other web-servers enforce logout from the server-side? Q2: if other web-servers actually can do this, does this require TCP terminate? Q3: if other web-servers actually can do this, logout works for most/all browsers without specific measures? Anders
Received on Wednesday, 7 May 2014 06:42:38 UTC