Luc Boudreau <[EMAIL PROTECTED]> writes:

> See: org.acegisecurity.ui.logout.LogoutFilter
> You should use this filter with a config looking like this:
> <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">


Maybe I'm just misunderstanding, but I don't see how LogoutFilter would help.
Say you have:
 * Session #1 - user "admin"
 * Session #2 - user "joe"

The "admin" user in Session #1 goes to a management page and deletes the "joe"
user account. Meanwhile in Session #2, Joe tries to load some secure page. His
account has just been deleted by "admin" concurrently, but Joe himself has not
clicked Logout or any such thing.

The Session #2 in use by Joe needs to be invalidated from the "admin" user's
context (Session #1) when admin deletes the "joe" account. If the admin were to
use the LogoutFilter, his own session would be invalidated instead of Joe's.



_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
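
The scenario in the message above, sketched as an added example that is not part of the original thread and is not Acegi code: a server-side registry keyed by username lets the account-deletion code revoke Joe's sessions from the admin's request, and a per-request check rejects them. The class, its method names and the session ids are hypothetical.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical in-memory registry; none of these names are Acegi APIs.
public class SessionRevocationDemo {

    // username -> ids of that user's live sessions
    private final Map<String, Set<String>> sessionsByUser = new ConcurrentHashMap<>();
    // ids revoked from some other context; consulted on every request
    private final Set<String> revoked = ConcurrentHashMap.newKeySet();

    // Called at login, for example from a session-created listener.
    public void register(String username, String sessionId) {
        sessionsByUser.computeIfAbsent(username, u -> ConcurrentHashMap.newKeySet()).add(sessionId);
    }

    // Called when the container destroys a session, so the revoked set does not grow forever.
    public void unregister(String username, String sessionId) {
        Set<String> ids = sessionsByUser.get(username);
        if (ids != null) ids.remove(sessionId);
        revoked.remove(sessionId);
    }

    // Called by the account-deletion code, whichever session triggers it.
    // Revokes only the named user's sessions and returns how many were revoked.
    public int revokeAllFor(String username) {
        Set<String> ids = sessionsByUser.remove(username);
        if (ids == null) return 0;
        revoked.addAll(ids);
        return ids.size();
    }

    // Called by a filter at the start of each request, before any secured page is served.
    public boolean isAllowed(String sessionId) {
        return !revoked.contains(sessionId);
    }

    public static void main(String[] args) {
        SessionRevocationDemo registry = new SessionRevocationDemo();
        registry.register("admin", "session-1"); // constructed sample ids
        registry.register("joe", "session-2");

        // "admin", acting in session-1, deletes the "joe" account.
        int count = registry.revokeAllFor("joe");
        System.out.println("revoked sessions for joe: " + count);
        System.out.println("session-1 (admin) allowed: " + registry.isAllowed("session-1"));
        System.out.println("session-2 (joe) allowed: " + registry.isAllowed("session-2"));
    }
}
```

In a servlet application the filter would invalidate the HTTP session and clear the security context when `isAllowed` returns false, rather than only refusing the request.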
