5 Replies Latest reply on Oct 21, 2011 1:39 AM by Jason Porter

    Identity.logout doesn't destroy my session scoped beans

    lholmquist Newbie

      I noticed that when i call identity.logout my @SessionScoped bean doesn't get destroyed.    I have a User manager class that is pretty much a copy of the CurrentUserManager class in the seam-booking example. I'm setting a breakpoint in my IDE(IntelliJ) on the onLogin method. the code is below for reference

      public class CurrentUserManager {
          private User currentUser;
          public User getCurrentAccount() {
              return currentUser;
          // Injecting HttpServletRequest instead of HttpSession as the latter conflicts with a Weld bean on GlassFish 3.0.1
          public void onLogin(@Observes @Authenticated User user, HttpServletRequest request) {
              currentUser = user; \\<--- break point here
              // reward authenticated users with a longer session
              // default is kept short to prevent search engines from driving up # of sessions

      After the first time i log in the current user is null, which i expect.  After i log out then log back in, the value of current user before it is set is the user that i just logged out with. I was under the impression that a call to identity.logout would invalidate all session variables

      Is this how it suppose to work, and i need to invalidate the session by observing a logout event or am i doing something wrong.