Hmm, I'll have to try that and see if it works for me.
The way I solved it was that for logout, I send to a logout servlet in
my custom app that invalidates the session in that app and then
redirects to the jetspeed logout. Obviously, this isn't a good
solution when you have multiple portlet apps deployed.
I'm using tomcat SSO as well and I think maybe there were multiple
session objects under the different apps and so one was retaining
references to the objects even when the other session was invalidated
(although I am not sure). But if changes to one sesssion are
propagated to the other, then maybe this will work.
The funny thing is that under SSO, if you call invalidate on one
session, then all application sessions should be invalidated so it
shouldn't be a problem at all. Anyway, I'll give it a shot...
On 5/10/06, Jacek Wiślicki <[EMAIL PROTECTED]> wrote:
Hi,
there was some time ago a thread on login pipeline and leaving session
attributes after calling invalidate() on a HttpSession object in
LogoutServlet. What about extending it with this code:
HttpSession session = request.getSession();
Enumeration attrNames = session.getAttributeNames();
while(attrNames.hasMoreElements())
session.removeAttribute(attrNames.nextElement().toString());
I'm not sure if it could have any influence on other portal components
or processes (maybe some attributes should be persistent?), but it seems
to work fine in my portal.
--
pozdrawiam,
Jacek Wislicki
[EMAIL PROTECTED]
tel.: +48 502 408 444
gg: 2540358
skype: jacek_wislicki
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
