1 Reply Latest reply: Jan 11, 2012 2:01 PM by Jason Porter RSS

    org.jboss.seam.security.IdentityImpl.logout regression?

    Michael Anstis Newbie

      Hello,


      I notice org.jboss.seam.security.IdentityImpl.logout() now invalidates the HttpSession and subsequent calls cause an InvalidStateException.


      See https://github.com/seam/security/blob/develop/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java


      As far as I can tell this change was added for Seam 3.1.0.Final (the Session.getSession().invalidate() is commented as a TODO in prior versions.


      See http://grepcode.com/file/repository.jboss.org/nexus/content/repositories/releases/org.jboss.seam.security/seam-security-impl/3.0.0.Final/org/jboss/seam/security/IdentityImpl.java


      This causes a small (fixable) regression for me in my application when logging out successive times on the same Session was pemitted.


      Could you please confirm this is now deliberate (so I don't refactor only to find a change in a later release?)


      Thanks,


      Mike