[jboss-user] [Security & JAAS/JBoss] - Re: AbstractServerLogin module.logout and cached principals

ragavgomatam do-not-reply at jboss.com
Mon Aug 18 15:44:33 EDT 2008

anonymous wrote : 2)I log in as john successfully (username:john, password 1234). Principal john gets cached.
  | 3) I close my browser in 2 minutes. I open my browser after 10 mins. I am prompted with a login screen. 

When user closes browser, send a ajax request to server & do a HttpSession.invalidate(). This will clear your cached Principal from Jboss. 

anonymous wrote : Another question is: If we cannot call the logout, how do I log out of my web application? Would I need to try session invalidation? I am confused as to how this will remove the principal from JBoss cache.
  | thanks.  
Yes HttpSession invalidation is the way to clear the cache from jboss

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4171138#4171138

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4171138

More information about the jboss-user mailing list