Portlet 2.0 spec PLT.18.4 (and for that matter the whole of the Portlet spec) *only* talks about the *Portlet* application, not the *Portal*
application.
This means, the portlet *container* is required to invalidate the servlet (application) session when the portlet session is invalidated, and
this is properly implemented in the Pluto container.
You should not confuse this with the (limited) behavior of the Pluto *Portal* Driver, which primarily purpose is only to serve as testbed
for the Pluto container, not a full blown, production ready, portal.
Handling logout *across* portlet applications hosted by the Pluto Portal Driver simply isn't implemented as it not needed for *testing* the
Pluto Container itself.
The Pluto Portal Driver, while actually used by some for production purposes,
really is not targeted nor maintained for such usages.
If you need such functionality (and/or similar production quality features like persistence, better (session) navigation state/url handling,
etc., etc.) you either have to add this yourself or probably better switch using a full blown portal like Apache Jetspeed-2 or others which
does provide all such features.
HTH,
Ate
hub wrote:
Brett,
After logout / login I see the same session attributes as I set before in
the portlet session.
I noticed that my, "valueUnbound()" method for attributes in the portlet
session is not called for the cleanup I need to do on logout / "portal
session invalidation". I then set portlet session expiration time to a short
period to check, if valueUnbound() is called at all, ... it is, also on
application shutdown.
The session.invalidate() on logout is run in a jsp in "portal context".
After login with different username I have a different principal in the
portlet session, but same session attributes as set before.
javabrett wrote:
If the HttpSession object is invalidated, the PortletSession object must
also be invalidated by the portlet container.
I read the same here for JSR 168:
http://opensource.atlassian.com/confluence/spring/pages/viewpage.action?pageId=3131
I have set emptySessionPath="true" in server.xml.
running on JBoss GA 4.2.2, Tomcat version is 6.0.20
Thank you
hub
javabrett wrote:
According to Portlet 2.0 spec PLT.18.4:
If the HttpSession object is invalidated, the PortletSession object
must
also be invalidated by the portlet container.
How do you detect that your portlet sessions are not being invalidated?
Brett
On Tue, Nov 17, 2009 at 10:09 PM, hub <fel...@abacus.ch> wrote:
Hello,
How do I invalidate all portlet sessions on logout?
in my logout.jsp in the portal I do the following
<%
session.invalidate();
%>
This invalidates the "portal" session but my portlet sessions are not
invalidated.
