[jboss-user] [JBoss Portal] - Session invalidation on JAAS logout
sebgerpb
do-not-reply at jboss.com
Fri May 16 05:38:30 EDT 2008
Hi,
I wrote a custom login module which I use to authenticate an user against a remote server. I have overridden the login and logout-methods with my own code. Both work correctly.
The only thing I do not unterstand is, why the sessions of my portlets do not get invalidated. If I login to my application, logout and then login again, I notice that the old portlet sessions are still valid (renderRequest.isRequestedSessionIdValid() evaluates to true). A few code lines later, when I try to retrieve an attribute from the session I get an exception that the session is already invalidated (java.lang.IllegalStateException: getAttribute: Session already invalidated).
At the moment, this is very confusing for me because isRequestedSessionIdValid() evaluates to true. After logging out, I would expect that all Portlet Session are invalidated and isRequestedSessionIdValid should evaluate to false. What am I doing wrong? Can anybody explain this behavior to me? Maybe there is something I misunderstood.
Thanks,
Sebastian
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4151315#4151315
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4151315
More information about the jboss-user
mailing list