-
1. Re: Session Invalidate + isUserInRole Issue
hoth256 Sep 5, 2005 5:26 AM (in response to hoth256)New infomation:
I was NOT able to reproduce the issue in [3.2.5 (build: CVSTag=JBoss_3_2_5 date=200406251954)]
I am able to reproduce the issue in [4.0.1sp1 (build: CVSTag=JBoss_4_0_1_SP1 date=200502160314)]
Downloading 4.0.2 right now - wll post the results. -
2. Re: Session Invalidate + isUserInRole Issue
starksm64 Sep 5, 2005 10:11 AM (in response to hoth256)A forwarded request does not go through the security stack so I don't expect that the request roles will have changed. A redirected reply will show the updated state as a new session will be required.
-
3. Re: Session Invalidate + isUserInRole Issue
hoth256 Sep 6, 2005 3:15 AM (in response to hoth256)Thanks Scott! I have to say you are really on top of things, I see your posts all over these forums.
I am able to reproduce the intended behavior in 4.0.2 - the same as 4.0.1sp1.
Is this behavior specified in the newer servlet spec? Just wondering why the results were different in JBoss 3.2.5?
In any case upon using a response.redirect("/") as you suggest, the roles change.
Thanks again!