2 Replies Latest reply on Jan 11, 2008 4:30 PM by jdsignature

    logout() in customized login modele

    jdsignature
    jdsignature Jan 10, 2008 7:05 PM

      the logout() defined in the jboss customized login module, when this method got called.

      for instance:


      the session.invalidate() called in the application, does the logout() got called automatically by the jboss container?

      if the answer to the above is yes, how about the following setting in jboss-services.xml is not 0
      80000

      does this mean the logout will be called after 80000 secs, please advise, thanks so lot

      • 2083 Views
      • Tags:
        • 1. Re: logout() in customized login modele
          ragavgomatam
          ragavgomatam Jan 10, 2008 10:02 PM (in response to jdsignature)

          When your HttpSession time's out or when you call session.invalidate(), the container expires the caching of security credentials.

          I believe you are referring to DefaultCacheTimeout in jboss-service.xml.

          This specifies the default timed cache policy timeout in seconds.If you want to disable caching of security credentials, set this to 0 to force authentication to occur every time. Like wise 80000s means it will be cached for that many seconds, if session invalidation does not occur. If your HttpSession expires before that, it will be cleared. That is my understanding

            • Actions
          • 2. Re: logout() in customized login modele
            jdsignature
            jdsignature Jan 11, 2008 4:30 PM (in response to jdsignature)

            Thanks so lot for your help, I noticed that the following configurations need to be done in order to have this to work properly:

            Code:
            <jboss-web>
            <security-domain flushOnSessionInvalidation="true" >java:jaas/eluminate</security-domain>
            </jboss-web>

            thanks

              • Actions