Yeah, you may be right about 'emptySessionPath' set to true. If I turn that
off, it seems to go away...
On 3/9/06, Jacek Wiślicki <[EMAIL PROTECTED]> wrote:
>
> Wiadomosc od Aaron Evans z 2006-03-09 20:51 brzmiala:
>
> > So I seem to recall a posting about this a while back, but couldn't find
> it.
> >
> > Anyhow, when I am finding that when I logout of jetspeed, the session
> > attributes of my portlet application are still available.
> >
> > I happen to have tomcat SSO turned on, but am not sure if this is what
> is
> > causing it.
> >
> > With the SSO turned on, what *should* happen is that because my session
> got
> > invalidated, tomcat SSO should invalidate all other sessions tied to my
> SSO
> > parent session.
> >
> > I solved this problem by changing the logout URI to a URI of my portlet
> web
> > app, calling session.invalidate and then redirecting to the jetspeed
> logout
> > URI.
> >
> > I don't think this is a jetspeed problem but rather a tomcat/tomcat SSO
> > issue, but I was just wondering if others have seen this behaviour.
> >
> > I am on tomcat 5.5.9...
> I've also noticed this behaviour (Tomcat 5.5.12) without SSO. Session
> indeed is invalidated in Jetspeed LogoutServlet, but some data is still
> held. I'm not sure, but it may be caused by enabling cross-context
> sessions ('emptySessionPath' set to true).
>
> --
> pozdrawiam,
> Jacek Wislicki
>
> [EMAIL PROTECTED]
> tel.: +48 502 408 444
> gg: 2540358
> skype: jacek_wislicki
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
