WebAuthentication - unable to remove Principal from Cache
---------------------------------------------------------
Key: JBAS-7730
URL: https://jira.jboss.org/jira/browse/JBAS-7730
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Web Services
Affects Versions: JBossAS-4.2.3.GA
Environment: Windows XP, Java 6.0.17, MSSQL db
Reporter: Maarten van Leunen
Assignee: Alessio Soldano
Priority: Minor
http://community.jboss.org/wiki/CachingLoginCredentials
I've tried basically all of the above to make sure that a Principal that is logged in
and wishes to delete his account is properly logged out so that his Principal is no longer
cached by the JaasSecurityManagerService.
We've already had all of the below:
- new WebAuthentication().logout()
- HttpSession.invalidate()
- add flushOnSessionInvalidation="true" to jboss-web.xml
- Tried adding code for Programmatic Flushing via JMX, but it did not have any effect.
- Disabling Caching
  - this worked, but was unacceptable, seeing as the number of attempts to authorize using
    the database increased dramatically.
  - currently we have a DefaultCacheTimeout set to 9600 seconds, and after that time, the
    account is indeed removed from the Cache and the database is once more contacted to
    retrieve the Principal
--
This message is automatically generated by JIRA.
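
The per-principal JMX flush mentioned in the report, followed by a read-back of the cache keys to confirm the entry is really gone. This is an added example, not the reporter's or the project's code; the class name `AuthCacheEviction` is hypothetical, and the domain-name format and principal type noted in the comments are assumptions.

```java
import java.security.Principal;
import java.util.List;
import javax.management.MBeanServer;
import javax.management.MBeanServerFactory;
import javax.management.ObjectName;

/** Added example: evict one user from a security domain's JAAS cache and confirm it is gone. */
public final class AuthCacheEviction {
    // MBean name of JaasSecurityManagerService in JBoss AS 4.x.
    private static final String JAAS_MGR = "jboss.security:service=JaasSecurityManager";

    /** Find the in-VM MBeanServer that hosts the security manager MBean (JDK API only). */
    static MBeanServer locate(ObjectName mgr) {
        for (Object s : MBeanServerFactory.findMBeanServer(null)) {
            MBeanServer server = (MBeanServer) s;
            if (server.isRegistered(mgr)) {
                return server;
            }
        }
        throw new IllegalStateException(mgr + " is not registered in this VM");
    }

    /**
     * @param securityDomain domain name from login-config.xml (assumed: no "java:/jaas/" prefix)
     * @param user principal equal to the cached key; assumed to be the type the login module
     *             created, e.g. org.jboss.security.SimplePrincipal for the stock modules
     * @return true if no cached principal with that name remains after the flush
     */
    public static boolean evict(String securityDomain, Principal user) throws Exception {
        ObjectName mgr = new ObjectName(JAAS_MGR);
        MBeanServer server = locate(mgr);
        String str = String.class.getName();

        // Per-principal overload; the one-argument overload flushes the whole domain.
        server.invoke(mgr, "flushAuthenticationCache",
                new Object[] { securityDomain, user },
                new String[] { str, Principal.class.getName() });

        // Read the cache keys back, so a flush that matched nothing is detected
        // instead of being assumed to have worked.
        List<?> cached = (List<?>) server.invoke(mgr, "getAuthenticationCachePrincipals",
                new Object[] { securityDomain }, new String[] { str });
        if (cached != null) {
            for (Object key : cached) {
                if (key instanceof Principal && ((Principal) key).getName().equals(user.getName())) {
                    return false; // still cached: wrong domain name or non-matching principal
                }
            }
        }
        return true;
    }
}
```

The class has to run inside the application server's VM, since it looks the MBean up through the local `MBeanServerFactory`.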