Personally, I think it the desired behavour should be like the tomcat SSO valve.
What happens there is whenever an application session is terminated, if it was terminated because of a timeout, then if the parent SSO session has no other children sessions, then the parent SSO session is also terminated. However, if there are other children sessions, then just the session that has just timed out is removed from the SSO parent session, everything else is left intact. (If the user goes to use that application again, they are automatically re-authenticated and the session re-instantiated). However, if it was invalidated (typically because of a logout), then all children sessions of the parent SSO session are invalidated and finally the parent session itself is terminated. But still, no idea what exactly is causing it, and I really doubt it has anything to do with jetspeed... On 3/9/06, Jacek Wiślicki <[EMAIL PROTECTED]> wrote: > > Wiadomosc od Aaron Evans z 2006-03-09 21:52 brzmiala: > > > Yeah, you may be right about 'emptySessionPath' set to true. If I turn > that > > off, it seems to go away... > Such a behaviour seems reasonable, as if a user logs-off from one webapp > (context) he may still be active in another context sharing the same > HTTP session. > > -- > pozdrawiam, > Jacek Wislicki > > [EMAIL PROTECTED] > tel.: +48 502 408 444 > gg: 2540358 > skype: jacek_wislicki > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
