I still haven't found an answer to this question! In my imagination this should be a really trivial question, but it seems that no one has any idea! Help... please... :)
logout is not called on the server by the caching logic currently. If you want strict login/logout semantics you need to implement your own authentication cache and perform the logout when the session times out. I'm looking at doing this by default.
Great, I think that everybody expect this behaviour.
Do you plan to do that on the 2.4.x branch or only
on the 3.x ?
Any idea of the timeframe for this modification ?
Thanks in advance,
Any update on this functionality? I'm using JBoss 3.0.3 and it doesn't seem to be included. When I logout of the client using a request.getSession.invalidate() in a JSP, I seem to still be logged in through JAAS (I'm using a DatabaseServerLoginModule and Form based autherntication). I'd like to be able to log out of both the client and JAAS at the same time, but I'm not sure how to go about this. If anyone has an example of implementing a custom authentication cache as mentioned above I would really appreciate seeing how it works.
I tryed on JBoss 3.0.4 and has the same functionality, it is still logged in through JASS. There is any way to disable the cache? Any help will be really appreciated.
I'm doing the same thing as delirium, and having the same problems. I don't want to flush the cache (not that I am able to do it anyway, since I can't find RMIAdaptor anywhere, and using MBeanServer throws an exception: org.jboss.jmx.server.RMIConnectorImpl_Stub) because that would remove all the cache entries for all users, right? So, I'd like more info on creating my own authentication cache. What is meant by this? Any examples?
It seems to me that if I could store the login context somehow then I should be able to call the logout() method there and voila... But, using FORM authentication how do I get the login context?