Hi, I wrote a custom login module which I use to authenticate an user against a remote server. I have overridden the login and logout-methods with my own code. Both work correctly.
The only thing I do not unterstand is, why the sessions of my portlets do not get invalidated. If I login to my application, logout and then login again, I notice that the old portlet sessions are still valid (renderRequest.isRequestedSessionIdValid() evaluates to true). A few code lines later, when I try to retrieve an attribute from the session I get an exception that the session is already invalidated (java.lang.IllegalStateException: getAttribute: Session already invalidated). At the moment, this is very confusing for me because isRequestedSessionIdValid() evaluates to true. After logging out, I would expect that all Portlet Session are invalidated and isRequestedSessionIdValid should evaluate to false. What am I doing wrong? Can anybody explain this behavior to me? Maybe there is something I misunderstood. Thanks, Sebastian View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4151315#4151315 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4151315 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
