There are two points where roles may be cached... Tomcat caches the Principal and Roles of a user in the session. Thus, inactivating a session removes that cache.
JBossSX has an authentication cache that exists for the length of time specified by timeout option. If your web security-domain is configured for the same domain as an ejb component, then invalidating the web session will also flush the authentication cache. Thus if user has properly been logged out of system, then there should be no reason why an update to the database would not be seen imediately. If this is not happening please let us know, cgriffith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3952034#3952034 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3952034 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
