The spec also defines: "If the HttpSession object is invalidated, the PortletSession object must also be invalidated by the portlet container.cxv If the PortletSession object is invalidated by a portlet, the portlet container must invalidate the associated HttpSession object."
"The getCreationTime, getId, getLastAccessedTime, getMaxInactiveInterval, invalidate, isNew and setMaxInactiveInterval methods of the PortletSession interface must provide the same functionality as the methods of the HttpSession interface with identical names." So since HttpServletRequest.invalidate() invalidates the session and set remoteUser to null, I thougt the same would happen for PortletSession.invalidate() What you are saying is that the portlet session does not "own" the user. And that the portal itself has a http session, wich the user belongs to. If this is correct, how can I force a user logout from the portal in a portlet wich only implements JSR-168 standard classlib (and not the JBoss add-on classlib)? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3869743#3869743 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3869743 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ JBoss-Development mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-development
