"Lennart Petersson" <[EMAIL PROTECTED]> writes:
> But what is the problem with having the user still in cache even
> when he/she has left? No one else can use it and it will sooner or
> later be timed out. If you want anything to happen in logout method
> then you have to code it just like what you have to do with your
> login method. Remember that login does 'nothing' more than fills up
There are cases where there is confidential information on a screen
and people would like to log out from the session explicitly. In such
cases it is not wise to rely on a session timeout.
> a Subject - no authentication is done until your first EJB call. If
> you want a explicit authentication immediatly during login than it
> is up to you to use your own LoginModule implemntation that does
> that.
Hmmm, makes sense but that's quite a lot of work for very little gain.
I cannot imagine a reason why when one uses a logout() call the
session should still be active.
--
Nicolai P Guba http://www.gnu.org http://www.frontwire.com
mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
GSM: +44 (0)7909 960 751 DDI: +44 (0)20 7368 9708
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
