11 Replies Latest reply on Apr 16, 2002 11:52 AM by Nick Taylor

    SRPCacheLoginModule? Right or Wrong (JBoss 2.4.4)

    Brian Coyner Newbie

      I have concerns that the SRP Login Modules are not performing any clean up when a user logs out. JBoss appears to only clean up the client SRP login modules without calling the SRPCacheLoginModule to remove the user's generated SRP credentials from the cache. Thus causing a second attempt at logging in and accessing secured EJBs to fail because the client side sees a new user, but the server side sees the user as being in the cache. Which of course fails because the credentials are not in sync. I did some digging around in the 3.0 code and noticed that the SRPLoginModule (clientside) was calling across to the server to clean up the cache, or so it appears.

      Any thoughts?

      Brian