[jboss-user] [JBoss Seam] - Seam Security question

Tuesday, 27 February 2007

The example seamspace application, on logout, calls action method identity.logout, but
does not explicitly call Seam.invalidateSession().  

a) Does identity.logout invalidate the session for me? (I thought I saw a hint to the
contrary, but I cannot reproduce...)

b) if not, shouldn't I create a logout action method that will call identity.logout()
AND Seam.invalidateSession()?

I'm inclined to be conservative and clear the session manually, but that seems to
obsolete the need for identity.logout(), so I'd like to hear an opinion from the Seam
authors.

Thanks!  Oh yeah, I've been working with Seam for a month now.  I'm very impressed
with the capabilities and quality available in such a new technology.  Kudos to all the
Seam contributors!

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4023273#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-user] [JBoss Seam] - Seam Security question