[jboss-user] [Security & JAAS/JBoss] - Re: Logout Issue
nipunbatra
do-not-reply at jboss.com
Tue Nov 14 16:43:08 EST 2006
Hi Sohil
Thanks for your response
I cross checked it twice and started fresh after deleting all the cookies, here is what I found out about cookies
1) Application after I log in I can see one cookie for my domain "token"
2) Now from same browser I go to Applicatiob B, automatically gets log into the Application B and cookie is still "token" for my domain
3)I logout from application B and after that "token" cookie is deleted under the domain.
4)I go back to application A and again I automatically log in and this time I again see the "token" cookie for my domain
5)I go back to Application B and again I gets logged in automatically, token cookie is regenerated
Note: All above steps are done with 5 sec delay
Now
6) On Application B I logout (In logs I can see I am calling session.invalidate() and after that request.getuserprincipal becomes null),
After logging out,Now token cookie is deleted from browser. I again type the logout URL on browser for application B and send the page again to logout page i.e I did logout for 2 times
7) Now I go back to Application A and now I see 'SSO Logout...' message on screen, (I beleive that this message is internal as I am not printing it anywhere) and after that my logout page of application A is called.
So I am sure that I have to do logout twice and then only I log out from all partner applications.
Waiting for your response
Regards
Nipun
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985947#3985947
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3985947
More information about the jboss-user
mailing list