java - Exit from SSL session
I'm trying to close an SSL connection, in case the user wants to use a different certificate for a webpage that uses the client-cert authentication method. I know how to close the session, thanks. What I don't know is how to invalidate the SSLSession. Apparently there is one, as I can get its ID with request.getAttribute("javax.servlet.request.ssl_session"), but apparently it's not enough to do session.invalidate(). Why? Because I have that in logout.jsp, which redirects to index.jsp. If the SSL connection had been invalidated, I should be asked to choose a certificate from the browser certs, but I'm not; after passing logout.jsp I'm still logged in. I have request.setHeader("Connection", "close") in the logout JSP, but that doesn't help either (I have read that this header might be interpreted more as a guideline by the browser, and might not close connections). In Tomcat 7 there's the possibility to use SSLSessionManager to invalidate the SSLSession, which is what I'm doing, so I guess something similar has to be possible in Tomcat 6 as well.
So the overall workflow would be:
- first hit of index.jsp
- I'm asked to choose a browser cert
- I log in with the browser cert
- I hit the logout button, which makes an Ajax request to logout.jsp
- in logout.jsp I invalidate the normal HttpSession and set the Connection header to "close"
=> here I'm missing the invalidation of the SSLSession
- in case of success of the logout Ajax request, I'm taken to index.jsp (now we start at point 1 again), but I'm not asked for the cert a second time, which is what I want to achieve... And before you ask: I don't want to switch to Tomcat 7; I need this done in tomcat-6.0.32.
Any help appreciated.
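You have to get hold of the SSLContext that Tomcat used to create the SSLServerSocket. From there you can go:

    // ID of the TLS session that carried this request
    byte[] sessionId = (byte[]) request.getAttribute("javax.servlet.request.ssl_session");
    // Look the session up in the server-side session cache and invalidate it
    SSLSession session = sslContext.getServerSessionContext().getSession(sessionId);
    session.invalidate();

But I don't think that is feasible: at least I don't know how to get the SSLContext from Tomcat.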