I've found that certain applications will no longer invalidate sessions after upgrading from 7.0.53 to 7.0.54.
It seems to require clustering to be set up in Tomcat. If it's not set up, session invalidation works fine. So far, I can only trigger it in a webapp that uses Tapestry Spring Security. I see a few changes in the changelog related to session invalidate and clustering, could one of these changes be responsible? Anyone else see the same issue? -Dave --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
