Hey Brad,
The usual way of forcing JSecurity to "forget" a subject is to call
Subject.logout() - this should remove any remember me cookies as
well. Perhaps you could auto-logout subjects in your development
environment upon first access? You could also just bookmark the /
logout URL and click the bookmark when you start a new development
session.
This would be difficult to do on the server side (i.e. without a web
request from a browser), since it involves actually clearing the
cookie from a user's machine.
Please let me know if you have any ideas about how JSecurity could
make this process easier.
Jeremy
On Jul 31, 2008, at 12:11 PM, Brad Whitaker wrote:
Is it possible to force JSecurity to "forget" a subject that has
previously been remembered?
This is an issue for me only in "development" mode and shouldn't
occur in a production environment. The problem is that I often start
a development session with an empty user database but the browser
comes to the site with a cookie. I end up getting a Principal that I
don't know. I would like to discard the cookie at this point. Is
this possible? Or is there a better way to deal with this issue
(other than clearing the cache on the browser)?
Thanks,
Brad
