-
1. Re: Single SignOn session logoff behavior?
brian.stansberry Nov 16, 2005 2:59 PM (in response to mikepastor)When a session is destroyed, the SingleSignOn valve receives a notification. It checks the destroyed session to see whether its maxInactiveInterval has been surpassed. If so, it assumes the session was destroyed due to timeout, and other sessions associated with the sso are not invalidated. If the maxInactiveInterval was not exceeded, it assumes the session was destroyed due to a deliberate call to session.invalidate(). In this case, the other sessions associated with the sso are also invalidated.
There is a problem this approach, namely that if an app is undeployed, all its sessions are destroyed, probably before their maxInactiveInterval has passed. The sso valve will interpret this as a conscious invalidation and will terminate all associated sessions. So, undeploying a webapp will have the effect of terminating all sso sessions associated with the app. See http://jira.jboss.com/jira/browse/JBAS-2429. -
2. Re: Single SignOn session logoff behavior?
mikepastor Nov 18, 2005 12:04 PM (in response to mikepastor)Thanks Brian !