I notice org.jboss.seam.security.IdentityImpl.logout() now invalidates the HttpSession and subsequent calls cause an InvalidStateException.
As far as I can tell this change was added for Seam 3.1.0.Final (the Session.getSession().invalidate() is commented as a TODO in prior versions.
This causes a small (fixable) regression for me in my application when logging out successive times on the same Session was pemitted.
Could you please confirm this is now deliberate (so I don't refactor only to find a change in a later release?)
Yes, this change was deliberate, it should have been doing it all along.