5 Replies Latest reply on Oct 21, 2011 1:39 AM by lightguard

    Identity.logout doesn't destroy my session scoped beans

    lholmquist

      I noticed that when i call identity.logout my @SessionScoped bean doesn't get destroyed.    I have a User manager class that is pretty much a copy of the CurrentUserManager class in the seam-booking example. I'm setting a breakpoint in my IDE(IntelliJ) on the onLogin method. the code is below for reference


      @Stateful
      @SessionScoped
      public class CurrentUserManager {
          private User currentUser;
      
          @Produces
          @Authenticated
          @Named("currentUser")
          public User getCurrentAccount() {
              return currentUser;
          }
      
          // Injecting HttpServletRequest instead of HttpSession as the latter conflicts with a Weld bean on GlassFish 3.0.1
          public void onLogin(@Observes @Authenticated User user, HttpServletRequest request) {
              currentUser = user; \\<--- break point here
              // reward authenticated users with a longer session
              // default is kept short to prevent search engines from driving up # of sessions
              request.getSession().setMaxInactiveInterval(3600);
          }
      }



      After the first time i log in the current user is null, which i expect.  After i log out then log back in, the value of current user before it is set is the user that i just logged out with. I was under the impression that a call to identity.logout would invalidate all session variables


      Is this how it suppose to work, and i need to invalidate the session by observing a logout event or am i doing something wrong.