-
1. Re: logout() in customized login modele
ragavgomatam Jan 10, 2008 10:02 PM (in response to jdsignature)When your HttpSession time's out or when you call session.invalidate(), the container expires the caching of security credentials.
I believe you are referring to DefaultCacheTimeout in jboss-service.xml.
This specifies the default timed cache policy timeout in seconds.If you want to disable caching of security credentials, set this to 0 to force authentication to occur every time. Like wise 80000s means it will be cached for that many seconds, if session invalidation does not occur. If your HttpSession expires before that, it will be cleared. That is my understanding -
2. Re: logout() in customized login modele
jdsignature Jan 11, 2008 4:30 PM (in response to jdsignature)Thanks so lot for your help, I noticed that the following configurations need to be done in order to have this to work properly:
Code:
<jboss-web>
<security-domain flushOnSessionInvalidation="true" >java:jaas/eluminate</security-domain>
</jboss-web>
thanks