3 Replies Latest reply on Sep 6, 2005 3:15 AM by hoth256

    Session Invalidate + isUserInRole Issue

    hoth256 Newbie

      Hello this is a duplicate posting of http://www.jboss.com/index.html?module=bb&op=viewtopic&t=67511 (my apologies for the duplicate - but I believe this forum is more apporpriate).


      Background
      I'm using j_security_check for form based auth. using a custom login module.

      Problem:
      Upon logging in using the custom login module, things work as expected - however, upon logging out by invalidating my session in a "logout" servlet where I use the request dispatcher to take me to the next page, I have things showing up on the page that shouldn't because they are enclosed in isUserInRole blocks.

      Upon clicking on the logout link again (which, by the way, is one of the things enclosed in a isUserInRole block), things work correctly.

      I'm fairly certain the page is not being cached. Does the problem have to do with the fact that something having to do with the Principal/Subject is cached in the HttpRequest object (grasping)?

      I've tried things like creating a new session after invalidating the original.

      Please help - I've spent way too much time on something as simple as loging a user out.

      Thanks in advance!