Tuesday, August 26, 2003 11:17 PM
If you invalidate the session, all session data would be lost. This could be enough for the purpose of logging out a user logged on using HTTP FORM (if authentication data is stored in session).
On the other hand, HTTP BASIC is quite different, since the authentication information is send by the browser. That means, that if you invalidate the session user data will be lost, but if the user tries to continue in your application, he will be able to do that, since the browser continues send authentication information.
Hope it helps,