1 Reply Latest reply on Jan 11, 2012 2:01 PM by Jason Porter

    org.jboss.seam.security.IdentityImpl.logout regression?

    Michael Anstis Newbie


      I notice org.jboss.seam.security.IdentityImpl.logout() now invalidates the HttpSession and subsequent calls cause an InvalidStateException.

      See https://github.com/seam/security/blob/develop/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java

      As far as I can tell this change was added for Seam 3.1.0.Final (the Session.getSession().invalidate() is commented as a TODO in prior versions.

      See http://grepcode.com/file/repository.jboss.org/nexus/content/repositories/releases/org.jboss.seam.security/seam-security-impl/3.0.0.Final/org/jboss/seam/security/IdentityImpl.java

      This causes a small (fixable) regression for me in my application when logging out successive times on the same Session was pemitted.

      Could you please confirm this is now deliberate (so I don't refactor only to find a change in a later release?)