[jboss-user] [Security & JAAS/JBoss] - Re: Logout Issue

[nipunbatra]

Hi Sohil

Thanks for your response

I cross checked it twice and started fresh after deleting all the cookies, here is what I found out about cookies

1) Application after I log in I can see one cookie for my domain "token"

2) Now from same browser I go to Applicatiob B, automatically gets log into the Application B and cookie is still "token" for my domain
 
3)I logout from application B and after that "token" cookie is deleted under the domain.

4)I go back to application A and again I automatically log in and this time I again see the "token" cookie for my domain
 
5)I go back to Application B and again I gets logged in automatically, token cookie is regenerated

Note: All above steps are done with 5 sec delay

Now 

6) On Application B I logout (In logs I can see I am calling session.invalidate() and after that request.getuserprincipal becomes null), 
After logging out,Now token cookie is deleted from browser.  I again type the logout URL on browser for application B and send the page again to logout page i.e I did logout for 2 times


7) Now I go back to Application A and now I see 'SSO Logout...' message on screen, (I beleive that this message is internal as I am not printing it anywhere) and after that my logout page of application A is called.

So I am sure that I have to do logout twice and then only I log out from all partner applications.

Waiting for your response

Regards
Nipun



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985947#3985947

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3985947