[Design of Security on JBoss] - Re: Security Cache Flush on Http Session Expiration - jboss-dev-forums

Wednesday, 19 November 2008

Two things:

1) When your user logs out, call session.invalidate()  and

2)

  | <security-domain flushOnSessionInvalidation="true">
  | 
in the jboss-web.xml

That should take care of things.  Internally a JAAS logout() is called which should call
the logout of your custom LM.

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4190534#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...