Question
I normally handle site logout with a JSP that executes <%= session.invalidate() %> then redirects to the home page. Now I am running on WebSphere authenticating using LTPA and a SSL Certificate. Session.invalidate() does not work. Someone suggested it is because WAS is using LTPA. LTPA creates an authentication cookie (LtpaToken2) that is not cleared by session.invalidate.
IBM does have a proprietary logout JSP*** I could use, but I don't want to use a vendor specific solution. Has anybody tackled a session logout that clears the LTPA cookie without being tied to a vendor's J2EE container?
Solution
I have found solution:
https://stackoverflow.com/questions/18898141
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianSecurity > Global securityCustom properties, click Newcom.ibm.ws.security.web.logoutOnHTTPSessionExpiretrueApply and Save to save the changes to your configuration