5 Replies Latest reply on Feb 27, 2011 7:07 PM by Tim Evers

    Issue with "auto-logout"

    Tom Whitner Newbie

      I just discovered that a commented out commandlink with action\="\#{identity.logout()}" on an xhtml page will cause Seam to logout the user every time the page is processed.

      <html xmlns="http://www.w3.org/1999/xhtml"
        <h:commandLink rendered="#{identity.isLoggedIn()}" 
         <h:outputText value="Please enter your username and password:" /> 
         <h:inputText value="#{credentials.username}" /> 
         <h:inputSecret value="#{credentials.password}" />
         <h:commandButton action="#{identity.login}" value="Login" />
        <h:messages styleClass="messages" />

      I have created a small sample with the following for my authenticator

      public class LoginAction implements Login {
           private Log log;
           public boolean login() {
                return true;
           public void onSuccessfulLogin() {
                log.info("Login successful.");
           public void onLogout() {
                log.info("User Logged Out.");

      With the command link uncommented, I see

      2011-02-21 14:17:48,924 INFO  [session.LoginAction] (http- Login successful.
      2011-02-21 14:17:59,267 INFO  [session.LoginAction] (http- User Logged Out.

      Note the 11 second delay before I pressed the logout button.  When I comment out the command link (as in the example above), I see the following:

      2011-02-21 14:20:40,948 INFO  [session.LoginAction] (http- Login successful.
      2011-02-21 14:20:40,979 INFO  [session.LoginAction] (http- User Logged Out.

      Note that I did NOT push the logout button, and the logout happens 21 ms after I pressed login.  Somehow the EL is being processed when the commandlink element is commented out.

      I think this is a defect/bug.  Has anyone seen this?  Is this a know issue?  If so, please point me to more information (Jira, doc, etc.).  Otherwise, I will open an issue in Jira.