[jboss-user] [JBoss Seam] - Seam Security question

JohnEChesher do-not-reply at jboss.com
Tue Feb 27 15:46:13 EST 2007

The example seamspace application, on logout, calls action method identity.logout, but does not explicitly call Seam.invalidateSession().  

a) Does identity.logout invalidate the session for me? (I thought I saw a hint to the contrary, but I cannot reproduce...)

b) if not, shouldn't I create a logout action method that will call identity.logout() AND Seam.invalidateSession()?

I'm inclined to be conservative and clear the session manually, but that seems to obsolete the need for identity.logout(), so I'd like to hear an opinion from the Seam authors.

Thanks!  Oh yeah, I've been working with Seam for a month now.  I'm very impressed with the capabilities and quality available in such a new technology.  Kudos to all the Seam contributors!

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4023273#4023273

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4023273

More information about the jboss-user mailing list