On Tue, Aug 11, 2009 at 17:46, Norman Franke<nor...@myasd.com> wrote:
> The JavaDoc on org.apache.tapestry5.service.Request states that
> "getSession(false)" should return NULL if the session is invalidated. This
> is not happening, it returns the invalidated session.
>
> I think this is because tapestry-spring-security is using the
> HttpServletRequest and thus the HttpSession instead of the Tapestry Sesssion
> in LogoutServiceImpl. Invalidating the HttpSession does NOT invalidate the
> Tapestry session causing all sorts of issues. If I invalidate the Tapestry
> session first, then call logoutService.logout() it seems to work.
>
> Can this be fixed in tapestry-spring-service?
Sure, if we can work out the proper way to solve this. If I understand
you, the logoutService invalidates the HttpSession, which makes
Tapestry session throw an exception?
Currently the LogoutService logs out the following two cases:
public static void contributeLogoutService(
final OrderedConfiguration<LogoutHandler> cfg,
@InjectService("RememberMeLogoutHandler")
final LogoutHandler rememberMeLogoutHandler) {
cfg.add("securityContextLogoutHandler",
new SecurityContextLogoutHandler());
cfg.add("rememberMeLogoutHandler", rememberMeLogoutHandler);
}
My guess is that one probably should add a tapestry logout handler,
which should invalidate the tapestry session?, but I'm not sure
whether this should be default or up to the user. But if the
LogoutService is unusable without the tapestry logout handler I guess
it's of use be default :)
--
regards,
Robin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
