Invalidating the http session is the way to go because all the persist and ASO objects are stored there.

I have a LogoutService that is called when a user wants to log out. This service only deletes an artifact that is used to verify the successful login. In a dispatcher (see AccessController on the wiki) the artifact is checked and if it does not exist the httpsession is invalidated.

g,
kris

tapestryphoto <pho...@digiatlas.org>
23.01.2009 10:22
Please reply to: "Tapestry users" <users@tapestry.apache.org>
To: users@tapestry.apache.org
Cc:
Subject: T5: how to invalidate session on logout?

I need to be able to reset everything when the user logs out. Currently @Persist objects are still available if the user logs in again with the same browser instance. This isn't very optimal.

I have searched the mail archive and found some comments on this issue made at the end of 2007. I'm wondering if there is a standard way to do this. The Wiki appears to be silent on the issue - I would have thought this would have had more importance than it seems to have.

According to these prehistoric ;-) postings to the mailing list, one should inject RequestGlobals and then call invalidate() on the session. Is this still the way to do this? It seems rather clunky and non-obvious - especially for the novice T5 programmer who is shown numerous examples of logins and ASOs and how to use @Persist.

The T5 page about persistence strategies is also silent on the issue (apart from mentioning discardPersistentFieldChanges() - but that would require running the method on every page when logging out).

Thoughts?

p.
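The dispatcher approach described in the reply, as an added example that is not code from either poster or from the Tapestry project. The class name and the LOGIN_MARKER attribute are hypothetical, and the imports assume the org.apache.tapestry5.services package of Tapestry 5 releases from that period.

```java
import java.io.IOException;

import org.apache.tapestry5.services.Dispatcher;
import org.apache.tapestry5.services.Request;
import org.apache.tapestry5.services.Response;
import org.apache.tapestry5.services.Session;

/**
 * Added example: discards the whole HTTP session once the login marker is gone,
 * so @Persist fields and ASOs from the previous login are not visible to the next one.
 */
public class SessionResetDispatcher implements Dispatcher {

    // Hypothetical attribute name: the login code sets it, the logout service removes it.
    public static final String LOGIN_MARKER = "app.loginMarker";

    public boolean dispatch(Request request, Response response) throws IOException {
        // false: inspect an existing session only, never create one just to check it
        Session session = request.getSession(false);

        if (session != null && session.getAttribute(LOGIN_MARKER) == null) {
            // A session exists but carries no login marker: drop everything stored in it.
            // This also clears state that anonymous pages keep in the session, such as
            // @Persist fields on a login form.
            session.invalidate();
        }

        // This dispatcher never produces a response itself; later dispatchers handle the request.
        return false;
    }

    /** What a logout service does in this design: remove only the marker. */
    public static void logout(Request request) {
        Session session = request.getSession(false);
        if (session != null) {
            // Setting an attribute to null removes it from the session.
            session.setAttribute(LOGIN_MARKER, null);
        }
    }
}
```

The dispatcher has to be contributed to the master dispatcher chain ahead of the dispatchers that render pages, so the stale session is gone before any page reads from it.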