[jboss-user] [Security & JAAS/JBoss] - Closing Browser seems to bypass DatabaseServerLoginModule
pander
do-not-reply at jboss.com
Mon Oct 23 17:48:02 EDT 2006
Hi,
I'm using JBOSS AS 4.0.4 GA and am experiencing an odd problem connected with login and logout of users. If user's explicitly choose to logout and click on the logout button of my webapp the webapp directs them to an Action class which marks the event in a database and then calls session.invalidate(). This seems to be working perfectly and I have no issues when this is the logout method.
However, if the user simply closes the browser I am getting a strange series of events happening. If they open a new browser window (having say just closed one and been logged in) the browser and JBOSS/Tomcat correctly sends them to the login page to enter their login details as the new browser window has a completely different session associated with it, and I have verified this 100% by printing out the session Id's. If the user then attempts to login again using the same username and password with which they were previously logged in, JBOSS/Tomcat seems to completely ignore my DatabaseLogin module, which extends DatabaseServerLoginModule, and so various session beans that I am populating via reads from the database in this module are not being created and I am being left with a NullPointerException when the code gets further down the request cycle and is attempting to access the beans. I do not understand this at all.... under what circumstances can JBOSS/Tomcat completely ignore the DatabaseServerLoginModule ?? Surely if the server had decided that actually the user with these credentials was still logged in then it would have done that when they went to the inital landing page and would have directed them to the user's homepage and not to the login page.... it just doesn't make sense. Am I missing something critical here?? Please help !
Kind Regards,
Paul.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3980217#3980217
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3980217
More information about the jboss-user
mailing list