0 Replies Latest reply on Aug 22, 2006 2:13 PM by Mike Tolbert

    session timeout does not invalidate the SSO

    Mike Tolbert Newbie

      I am using JBoss SSO on an application that consists of multiple WAR's and the application needs to track when a users session (SSO) is created and destroyed. I have implemented an HttpListener and defined it in web.xml. Unfortunately, when one webapp (WAR) session invalidates/times out it doesn't necessarily mean that all sessions in all webapps have been invalidated for that user. Therefore, this approach doesn't accomplish what I need, which is track when a users SSO gets created and destroyed.

      It would be nice if there was some sort of SSOListener that could be implemented. This SSOListener might be invoked when the SSO is created and destroyed, and have methods like ssoCreated() and ssoDestroyed().

      Is there a hook to tell when a SSO gets created and destroyed?

      FYI- This is my SSO configuration for JBoss

      -- server.xml --
      turned on valve: org.apache.catalina.authenticator.SingleSignOn

      -- jboss-service.xml --
      Disabled SSO caching by setting DefaultCacheTimeout and DefaultCacheResolution to 0.

      Any assistance would be appreciated.