Seam Security question

johnechesher Feb 27, 2007 3:46 PM

The example seamspace application, on logout, calls action method identity.logout, but does not explicitly call Seam.invalidateSession().

a) Does identity.logout invalidate the session for me? (I thought I saw a hint to the contrary, but I cannot reproduce...)

b) if not, shouldn't I create a logout action method that will call identity.logout() AND Seam.invalidateSession()?

I'm inclined to be conservative and clear the session manually, but that seems to obsolete the need for identity.logout(), so I'd like to hear an opinion from the Seam authors.

Thanks! Oh yeah, I've been working with Seam for a month now. I'm very impressed with the capabilities and quality available in such a new technology. Kudos to all the Seam contributors!

1. Re: Seam Security question

shane.bryzak Feb 27, 2007 3:51 PM (in response to johnechesher)

identity.logout() calls Seam.invalidateSession() itself, no need to call it separately.
Actions
2. Re: Seam Security question

johnechesher Feb 27, 2007 4:02 PM (in response to johnechesher)

Thanks for the quick response Shane!
Actions

Go to original post