More info on MY problem: I believe the booking example suffers from this same flaw, because a user can login again with a different username, without being forced to logout.
The session is only invalidated upon logout... Steps: Log in as user 1, make a booking Go to home.seam and log in as user 2 from same browser session, you will see the booking. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3978028#3978028 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3978028 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
