Uploaded image for project: 'Seam 2'
  1. Seam 2
  2. JBSEAM-1419

Identity.logout() no longer invalidates the HTTP session

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 1.3.0.ALPHA
    • Component/s: Core
    • Labels:
      None

      Description

      I noticed my session-based access control to be ineffective after a recent Seam CVS update. I'm assuming that some of the changes made to session handling broke session invalidation. I call identity.logout() which does:

      ServletSession.instance().invalidate();

      but I can still see the same session identifier in my cookie after the logout and continuing browsing.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                gavin.king Gavin King
                Reporter:
                christian.bauer Christian Bauer
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: