[jboss-user] [Security & JAAS/JBoss] - Re: logout() in customized login modele
ragavgomatam
do-not-reply at jboss.com
Thu Jan 10 22:02:19 EST 2008
When your HttpSession time's out or when you call session.invalidate(), the container expires the caching of security credentials.
I believe you are referring to DefaultCacheTimeout in jboss-service.xml.
This specifies the default timed cache policy timeout in seconds.If you want to disable caching of security credentials, set this to 0 to force authentication to occur every time. Like wise 80000s means it will be cached for that many seconds, if session invalidation does not occur. If your HttpSession expires before that, it will be cleared. That is my understanding
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4118898#4118898
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4118898
More information about the jboss-user
mailing list