Actually, now that I've reread your post, I misunderstood your question.
You don't want to invalidate the user's authentication/authorization data,
you jsut want to log the user out.
----- Original Message -----
From: "Mike K" <[email protected]>
To: <[email protected]>
Sent: Tuesday, January 31, 2012 4:39 PM
Subject: Invalidating sessions
What is a cleanest way to invalidate a session?
I currently reaching into sessionDAO and deleting it, but I think actually
taking over that session and logging out would be preferable.
Any ideas?
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Invalidating-sessions-tp7241745p7241745.html
Sent from the Shiro User mailing list archive at Nabble.com.
