[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-1419) Identity.logout() no longer invalidates the HTTP session

Clark Updike (JIRA) jira-events at lists.jboss.org
Sun Sep 9 09:00:10 EDT 2007

    [ http://jira.jboss.com/jira/browse/JBSEAM-1419?page=comments#action_12376025 ] 
Clark Updike commented on JBSEAM-1419:

I'm still seeing this same behavior in 2.0.0.BETA1.  You can see it in the hotel booking example where the session id persists after logout.

> Identity.logout() no longer invalidates the HTTP session
> --------------------------------------------------------
>                 Key: JBSEAM-1419
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-1419
>             Project: JBoss Seam
>          Issue Type: Bug
>          Components: Core
>            Reporter: Christian Bauer
>         Assigned To: Gavin King
>            Priority: Blocker
>             Fix For: 1.3.0.ALPHA
> I noticed my session-based access control to be ineffective after a recent Seam CVS update. I'm assuming that some of the changes made to session handling broke session invalidation. I call identity.logout() which does:
>       ServletSession.instance().invalidate();
> but I can still see the same session identifier in my cookie after the logout and continuing browsing.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


More information about the seam-issues mailing list