So I seem to recall a posting about this a while back, but couldn't find it.
Anyhow, when I am finding that when I logout of jetspeed, the session attributes of my portlet application are still available. I happen to have tomcat SSO turned on, but am not sure if this is what is causing it. With the SSO turned on, what *should* happen is that because my session got invalidated, tomcat SSO should invalidate all other sessions tied to my SSO parent session. I solved this problem by changing the logout URI to a URI of my portlet web app, calling session.invalidate and then redirecting to the jetspeed logout URI. I don't think this is a jetspeed problem but rather a tomcat/tomcat SSO issue, but I was just wondering if others have seen this behaviour. I am on tomcat 5.5.9...
