When a session is destroyed, the SingleSignOn valve receives a notification. It checks the destroyed session to see whether its maxInactiveInterval has been surpassed. If so, it assumes the session was destroyed due to timeout, and other sessions associated with the sso are not invalidated. If the maxInactiveInterval was not exceeded, it assumes the session was destroyed due to a deliberate call to session.invalidate(). In this case, the other sessions associated with the sso are also invalidated.
There is a problem with this approach, namely that if an app is undeployed, all its sessions are destroyed, probably before their maxInactiveInterval has passed. The sso valve will interpret this as a conscious invalidation and will terminate all associated sessions. So, undeploying a webapp will have the effect of terminating all sso sessions associated with the app. See http://jira.jboss.com/jira/browse/JBAS-2429.
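The heuristic described in the post, as an added example (a simplified stand-alone model, not the Tomcat/JBoss valve source). The `Session` record, the `Cause` enum, the `sso-1` id and all timing values are constructed for illustration. The model shows that an undeploy reaches the valve looking exactly like an explicit `session.invalidate()`.

```java
import java.util.*;

// Simplified model of the idle-time heuristic; class and field names are hypothetical.
public class SsoTimeoutHeuristicDemo {
    // Constructed stand-in for a web session: only the fields the heuristic reads.
    record Session(String id, String app, long lastAccessedMs, int maxInactiveIntervalSec) {}

    // The real reason a session was destroyed. The valve never sees this value.
    enum Cause { TIMEOUT, EXPLICIT_INVALIDATE, UNDEPLOY }

    private final Map<String, Set<Session>> ssoToSessions = new HashMap<>();

    void associate(String ssoId, Session s) {
        ssoToSessions.computeIfAbsent(ssoId, k -> new LinkedHashSet<>()).add(s);
    }

    // The valve is only told "session destroyed" and infers the cause from idle time.
    // Returns the other sessions that are invalidated as a consequence.
    List<Session> onSessionDestroyed(String ssoId, Session destroyed, long nowMs) {
        Set<Session> members = ssoToSessions.getOrDefault(ssoId, new LinkedHashSet<>());
        members.remove(destroyed);
        long idleMs = nowMs - destroyed.lastAccessedMs();
        // Assumption: ">=" stands in for "maxInactiveInterval has been surpassed".
        boolean timedOut = destroyed.maxInactiveIntervalSec() > 0
                && idleMs >= destroyed.maxInactiveIntervalSec() * 1000L;
        if (timedOut) return List.of();          // judged a timeout: leave the rest alone
        List<Session> cascaded = new ArrayList<>(members);
        members.clear();                         // judged a logout: end the whole SSO
        return cascaded;
    }

    public static void main(String[] args) {
        long now = 10_000_000L;                  // constructed clock value
        for (Cause cause : Cause.values()) {
            SsoTimeoutHeuristicDemo valve = new SsoTimeoutHeuristicDemo();
            // appA's session is the one destroyed; appB's session is the bystander.
            // On undeploy the session is typically still well inside its idle limit.
            long idleSec = (cause == Cause.TIMEOUT) ? 1800 : 60;
            Session a = new Session("A1", "appA", now - idleSec * 1000, 1800);
            Session b = new Session("B1", "appB", now - 5_000, 1800);
            valve.associate("sso-1", a);
            valve.associate("sso-1", b);
            List<Session> cascaded = valve.onSessionDestroyed("sso-1", a, now);
            System.out.printf("%-19s -> other sessions invalidated: %s%n", cause,
                    cascaded.stream().map(Session::id).toList());
        }
    }
}
```

Because `onSessionDestroyed` takes no cause parameter, the `UNDEPLOY` and `EXPLICIT_INVALIDATE` rows follow the same code path; telling them apart would require the container to pass the reason for destruction to the valve.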