On 7/6/06, Peter Hunsberger <[EMAIL PROTECTED]> wrote:
On 7/6/06, Peter Hunsberger <[EMAIL PROTECTED]> wrote: > I'm attempting to migrate some more of our code from sitemap based > action handlers to flow. Cocoon is at 2.1.8 and I'm seeing problems > invalidating sessions from flow. >
Found the problem. With JBoss 4, the sesionId is not disposed of when session.invalidate() is called. Instead, it is reused on the next request if the JSESSIONID cookie still exists in the browser (it's normally an in memory cookie). This is a change from JBOSS 3 (probably Tomcat 5 related). If you need unqiue sessionIds per session (I can see that for some clustering options you might want to track session across failover) then the solution is to clober the JSESSIONID cookie at the time you invalidate the session. -- Peter Hunsberger
