> If it works as expected, then (Michael M) what you might consider is on > the servlet that 'upgrades' the user from trial to 'not trial' > invalidate the session, and redirect to a protected page. This would > make the container authenticate the user again, meaning the user would > need to login again, but at least they would be kicked out of their old > role.
I should have given some more details, because it is more complicated than that. My subscription form actually POSTS to the WorldPay server and the user enters their credit card. The WorldPayServer then sends me an HTTP Post to a Struts action with the data saying the transaction was successful, and I update the database to change the user's role from trial to gold for example. Since this database change is done in another thread, I don't have access to invalidate the user's session. Here's what I've done so far: I've customized the page WordPay returns to the user saying the payment is successful. I've added a link back to our site, but the link actually logs them out and redirects them to the homepage. From there they log in again. I will probably make it even more user friend by inserting a page that says they need to login again. This seems to be working. Michael --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]