Matt Raible wrote:
For some reason, calling session.invalidate() (in a filter or in a
JSP) doesn't seem to help get rid of any Acegi authentication
information. Adding ContextHolder.setContext(null) in a filter that's
mapped to logout.jsp seems to be the only thing that works for me.
Here's my LoginFilter that gets hit:
http://static.raibledesigns.com/downloads/appfuse/api/org/appfuse/webapp/filter/LoginFilter.java.html
And my console is printing out:
[appfuse] DEBUG [http-8080-Processor3] LoginFilter.doFilter(72) |
logging out 'mraible'
Sorry Matt, what container was it again? Does the 0.8.0 official
Contacts Sample app work properly in the same container (ie its logout
page works)? I'm wondering if the filter ordering is correct, as it
changed in version 0.8.0. It would be good to get to the bottom of this....
Cheers
Ben
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer