[jboss-user] [JBoss Portal] - Session invalidation on JAAS logout

sebgerpb do-not-reply at jboss.com
Fri May 16 05:38:30 EDT 2008


Hi,

I wrote a custom login module which I use to authenticate an user against a remote server. I have overridden the login and logout-methods with my own code. Both work correctly.

The only thing I do not unterstand is, why the sessions of my portlets do not get invalidated. If I login to my application, logout and then login again, I notice that the old portlet sessions are still valid (renderRequest.isRequestedSessionIdValid() evaluates to true). A few code lines later, when I try to retrieve an attribute from the session I get an exception that the session is already invalidated (java.lang.IllegalStateException: getAttribute: Session already invalidated).

At the moment, this is very confusing for me because isRequestedSessionIdValid() evaluates to true. After logging out, I would expect that all Portlet Session are invalidated and isRequestedSessionIdValid should evaluate to false. What am I doing wrong? Can anybody explain this behavior to me? Maybe there is something I misunderstood.

Thanks,
Sebastian

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4151315#4151315

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4151315



More information about the jboss-user mailing list