[ http://issues.apache.org/jira/browse/JS2-156?page=comments#action_54600 ] Ate Douma commented on JS2-156: -------------------------------
David, I checked this out, and you are right that the session(s) are not created anew after login: the current sessions are reused. But, logging out *does* invalidate all the sessions. So, if I understand the problem correctly, this issue concerns anonymous session data which you want to be discarded after a user logs on, correct? I think in certain situations (shoppingcard comes to my mind) this is exactly what you would want. I think portlets applications which allow anonymous access should take real care what they save in the session. If it really needs its session to be cleared after login, maybe a session listener could detect login (I haven't tested that out yet though) and clear the attributes. Anyways, my first impression is that (assuming my assumptions from above are correct) this isn't a fault of Tomcat nor the Jetspeed login functionality. > Logging on does not create a new session in /jetspeed webapp > ------------------------------------------------------------ > > Key: JS2-156 > URL: http://issues.apache.org/jira/browse/JS2-156 > Project: Jetspeed 2 > Type: Bug > Components: Container > Versions: 2.0-dev/cvs > Reporter: David Sean Taylor > Fix For: 2.0-dev/cvs > > Logging on does not create a new session in /jetspeed webapp > It seems like it only creates a new session in the /security webapp > All portlet apps need to have their session reset -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - If you want more information on JIRA, or have a bug to report see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
