I am defeated.

I have tried every combination of logout, invalidateAll, killCookie
and invalidate session but I can't get my web application to log out.

It cleans out my session successfully but the cookie remains intact.If
I return to a secure resource it allows access without requesting
authentication.

It's a struts application. Out of desperation I created a logout
servlet to eliminate any redirection issues that may have caused
problems.

Weblogic V8.1. Any suggestions gratefully received.

Many thanks.

Dave Patterson.


Servlet get/post looks like this:

weblogic.servlet.security.ServletAuthentication.lo gout(request);
weblogic.servlet.security.ServletAuthentication.in validateAll( request
);
weblogic.servlet.security.ServletAuthentication.ki llCookie( request );
request.getSession().invalidate();

response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.println("");
out.println("");
out.println("Logged off");
out.println("");
out.println("");