2 Replies Latest reply on Sep 10, 2008 8:28 AM by nimo22

    Identity Login Issue (retaining old session)

    schenkd

      My application uses the seam identity.login() with a form based login page. 


      When a user logs in, then returns to the login page (without logging out), and then enters different credentials identity.login() exits before performing a full login, and the session has the old details.


      As well as keeping the old user identity, the session isn't reset so old session scoped objects are not removed.


      Is there a way to force a logout before the login takes place?  I've search for examples, and have tried a number of things all without any success.


      It seems that I need to have Session.getInstance().invalidateSession();, but that can't be called at the start of a call because it destroys the session at the end of the call.