2 Replies Latest reply on Jan 11, 2008 4:30 PM by mk dddd

    logout() in customized login modele

    mk dddd Newbie

      the logout() defined in the jboss customized login module, when this method got called.

      for instance:


      the session.invalidate() called in the application, does the logout() got called automatically by the jboss container?

      if the answer to the above is yes, how about the following setting in jboss-services.xml is not 0
      80000

      does this mean the logout will be called after 80000 secs, please advise, thanks so lot

        • 1. Re: logout() in customized login modele
          Ragav Gomatam Novice

          When your HttpSession time's out or when you call session.invalidate(), the container expires the caching of security credentials.

          I believe you are referring to DefaultCacheTimeout in jboss-service.xml.

          This specifies the default timed cache policy timeout in seconds.If you want to disable caching of security credentials, set this to 0 to force authentication to occur every time. Like wise 80000s means it will be cached for that many seconds, if session invalidation does not occur. If your HttpSession expires before that, it will be cleared. That is my understanding

          • 2. Re: logout() in customized login modele
            mk dddd Newbie

            Thanks so lot for your help, I noticed that the following configurations need to be done in order to have this to work properly:

            Code:
            <jboss-web>
            <security-domain flushOnSessionInvalidation="true" >java:jaas/eluminate</security-domain>
            </jboss-web>

            thanks