[
https://issues.jboss.org/browse/GTNPORTAL-3184?page=com.atlassian.jira.pl...
]
Vu Viet Phuong commented on GTNPORTAL-3184:
-------------------------------------------
When singleLogin is turned on, only after the user has logged out on one browser can he log in on
another browser.
This mechanism relies on IdentityRegistry and JAASConversationStateListener --> an
HttpSession listener.
When the user logs out, the sessionDestroyed event is dispatched and this listener clears
the corresponding identity object in the registry.
In WCI (TC7ServletContainerContext class) we have logout code like this:
{code}
// This changes the session ID
servletRequest.logout();
...
// This dispatches the sessionDestroyed event
webapp.invalidateSession();
...
{code}
The JAASConversationStateListener receives the session destroyed event, but with a different
sessionID. It then cannot remove the corresponding identity object in the registry.
The user cannot log in again, even after he has logged out. This also causes a memory leak in
the IdentityRegistry service.
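
The failure mode described in this comment, reduced to a stand-alone model (an added example, not GateIn or WCI code). The `Registry` and `Session` classes, the user name and the "capture the ID before logout" variant are all hypothetical stand-ins chosen for illustration; the page does not say how the project fixed the issue.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Constructed model: all names are hypothetical, none are taken from GateIn or WCI.
public class SingleLoginSessionIdDemo {

    /** Stand-in for a registry that tracks logged-in users by HTTP session ID. */
    static final class Registry {
        private final Map<String, String> userBySessionId = new ConcurrentHashMap<>();

        /** singleLogin behaviour: refuse a second login while the user still has an entry. */
        boolean login(String sessionId, String user) {
            if (userBySessionId.containsValue(user)) return false;
            userBySessionId.put(sessionId, user);
            return true;
        }

        /** What a session listener does on sessionDestroyed: remove the entry by session ID. */
        void sessionDestroyed(String sessionId) { userBySessionId.remove(sessionId); }

        int size() { return userBySessionId.size(); }
    }

    /** Stand-in for a container session whose ID changes on logout(), as the comment describes. */
    static final class Session {
        String id = UUID.randomUUID().toString();
        void logout() { id = UUID.randomUUID().toString(); }
    }

    /** Returns true if the same user can log in again after logging out. */
    static boolean canLoginAgain(boolean captureIdBeforeLogout) {
        Registry registry = new Registry();
        Session session = new Session();
        registry.login(session.id, "alice");   // constructed sample user

        String idAtLogin = session.id;
        session.logout();                       // the session ID changes here
        // The listener sees the ID the session carries at invalidation time,
        // unless the original ID was captured before logout() (assumed mitigation).
        registry.sessionDestroyed(captureIdBeforeLogout ? idAtLogin : session.id);

        // A stale entry both blocks re-login and stays in the map (the leak).
        return registry.size() == 0 && registry.login(new Session().id, "alice");
    }

    public static void main(String[] args) {
        System.out.println("cleanup keyed on post-logout ID, re-login allowed: " + canLoginAgain(false));
        System.out.println("cleanup keyed on pre-logout ID, re-login allowed: " + canLoginAgain(true));
    }
}
```
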
Not allowing the same user login in at the same time (two sessions)
-------------------------------------------------------------------
Key: GTNPORTAL-3184
URL: https://issues.jboss.org/browse/GTNPORTAL-3184
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Identity integration, Security
Affects Versions: 3.6.0.Final
Reporter: Trong Tran
Assignee: Vu Viet Phuong
Labels: portal-s72
Fix For: 3.7.0.Final
Original Estimate: 1 day, 4 hours
Remaining Estimate: 1 day, 4 hours
The DefaultLoginModule supports setting the "singleLogin" option parameter,
which disallows the same user from logging in to use the portal at the same time from different
browsers/machines.
Unfortunately it doesn't work properly. I cannot log in with the same user after
logging out.
Moreover, the GateIn documentation is also missing this part. I think we could add this
information in the section
https://docs.jboss.org/author/display/GTNPORTAL36/Authentication+and+Auth...