2 Replies Latest reply on Feb 27, 2007 4:02 PM by John Chesher

    Seam Security question

    John Chesher Newbie

      The example seamspace application, on logout, calls action method identity.logout, but does not explicitly call Seam.invalidateSession().

      a) Does identity.logout invalidate the session for me? (I thought I saw a hint to the contrary, but I cannot reproduce...)

      b) if not, shouldn't I create a logout action method that will call identity.logout() AND Seam.invalidateSession()?

      I'm inclined to be conservative and clear the session manually, but that seems to obsolete the need for identity.logout(), so I'd like to hear an opinion from the Seam authors.

      Thanks! Oh yeah, I've been working with Seam for a month now. I'm very impressed with the capabilities and quality available in such a new technology. Kudos to all the Seam contributors!