0 Replies Latest reply on Aug 31, 2004 5:26 PM by Anthony Law

    How to Force new HttpSession in JAAS/JBoss-Tomcat/FormAuth

    Anthony Law Newbie

      Hi I'm using the typical JAAS + Form-based Login setup.

      Is there any way to force invalidation of the current HttpSession & create a new one as part of the login process? This way:

      1) Browser with expired session id (eg if user left browser at login page for >30min) will not have to login twice (because JAAS will reject the 1st attempt)

      2) If user is silly enough to open 2 windows and login twice (either as same userid or different userid), I can invalidate the 1st window.

      Right now since JAAS "j_security_check" takes over on form submit, I can't force a new session like I would normally thru a LoginServlet or Struts LoginAction.

      Thanks a bunch!