[jboss-user] [JBoss Seam] - Seam Security question
do-not-reply at jboss.com
Tue Feb 27 15:46:13 EST 2007
The example seamspace application, on logout, calls action method identity.logout, but does not explicitly call Seam.invalidateSession().
a) Does identity.logout invalidate the session for me? (I thought I saw a hint to the contrary, but I cannot reproduce...)
b) if not, shouldn't I create a logout action method that will call identity.logout() AND Seam.invalidateSession()?
I'm inclined to be conservative and clear the session manually, but that seems to obsolete the need for identity.logout(), so I'd like to hear an opinion from the Seam authors.
Thanks! Oh yeah, I've been working with Seam for a month now. I'm very impressed with the capabilities and quality available in such a new technology. Kudos to all the Seam contributors!
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4023273#4023273
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4023273
More information about the jboss-user