[jboss-user] [Security & JAAS/JBoss] - Re: AbstractServerLogin module.logout and cached principals
do-not-reply at jboss.com
Mon Aug 18 15:44:33 EDT 2008
anonymous wrote : 2)I log in as john successfully (username:john, password 1234). Principal john gets cached.
| 3) I close my browser in 2 minutes. I open my browser after 10 mins. I am prompted with a login screen.
When user closes browser, send a ajax request to server & do a HttpSession.invalidate(). This will clear your cached Principal from Jboss.
anonymous wrote : Another question is: If we cannot call the logout, how do I log out of my web application? Would I need to try session invalidation? I am confused as to how this will remove the principal from JBoss cache.
Yes HttpSession invalidation is the way to clear the cache from jboss
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4171138#4171138
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4171138
More information about the jboss-user