janole, yes the spec says that and it is what it does, but you misunderstand it.
portletsession.invalidate() invalidates the http session of the portlet war file, not the session of the portal. there are 2 separate sessions. the portable way to do that is to bundle your portlet in the war file of the portal. in that case the 2 sessions will be the same. but at the end, invalidating the session does not garantee that the users logout. you have no garantee that invalidating a session performs logout but this is the case on jboss portal when "form" based authentication is used. it would not work with "basic" authentication. And that behavior could change in the future for jboss portal as well. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3869746#3869746 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3869746 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ JBoss-Development mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-development
