I normally handle site logout with a JSP that executes
<% session.invalidate(); %>
then redirects to the home page. Now I am running on WebSphere Application Server 5.1 authenticating against a Novell eDirectory LDAP server using LTPA and a SSL Certificate. Session.invalidate() does not work. Someone suggested it is because WAS is using LTPA. LTPA creates an authentication cookie that is not cleared by session.invalidate (?).
IBM does have a proprietary logout JSP I could use**, but I don't want to use a vendor specific solution. Has anybody tackled a session logout that clears the LTPA cookie without being tied to a vendor's J2EE container?
Thanks!
Steve Mitchell
http://www.byteworksinc.com
** http://publib.boulder.ibm.com/infocenter/wasinfo/v5r0/index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/xsec_formlogin.html