Menu
I normally handle site logout with a JSP that executes <%= session.invalidate() %> then redirects to the home page. Now I am running on WebSphere authenticating using LTPA and a SSL Certificate. Session.invalidate() does not work. Someone suggested it is because WAS is using LTPA. LTPA creates an authentication cookie (LtpaToken2) that is not cleared by session.invalidate.
IBM does have a proprietary logout JSP*** I could use, but I don't want to use a vendor specific solution. Has anybody tackled a session logout that clears the LTPA cookie without being tied to a vendor's J2EE container?
954
I have found solution:
Security > Global securityCustom properties, click Newcom.ibm.ws.security.web.logoutOnHTTPSessionExpiretrueApply and Save to save the changes to your configuration
140
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With