I'm having a problem that I don't fully understand. After I invoke logout() the subject.principal becomes null as expected, but upon redirect the subject.principal is no longer null -- the user is remembered again. The log messages from JSecurity indicate a rememberMe cookie has been found when I think it probably shouldn't be found.

The issue does not occur in my devel environment (Grails, HSQLDB) but only in production (Tomcat, MySQL, war deployed as ROOT). My signout code does this:

   log.info "signout: enter: getPrincipal=${SecurityUtils?.getSubject()?.getPrincipal()}"
   SecurityUtils.subject?.logout()
   log.info "signout: after logout: getPrincipal=${SecurityUtils?.getSubject()?.getPrincipal()}"
   redirect(controller: 'home')

My log shows this. (You'll notice that I have several 'before' and 'after' filters)

   02/06 15:10:57 INFO  grails.app.controller.AuthController  -
   signout: enter:  [email protected]
   02/06 15:10:57 DEBUG org.jsecurity.web.attr.CookieAttribute  - No
   value found in request Cookies under cookie name [rememberMe]
   02/06 15:10:57 INFO  grails.app.controller.AuthController  -
   signout: after logout:  getPrincipal=null
   02/06 15:10:57 INFO  grails.app.filters.SslFilters  - DebugFilter:
   after: controller=auth action=signOut params=["action":"signOut",
   "controller":"auth"] principal=null
   02/06 15:10:57 DEBUG org.jsecurity.web.attr.CookieAttribute  - Found
   string value
   
[clJgEjFZVuRRN5lCpInkOsawSaKK4hLwegZK/QgR1Thk380v5wL9pA1NZo7QHr7erlnry1vt2AqIyM8Fj2HBCsl1lierxE9EJ1typI2GpgMeG+HmceNdrlN6KGh4AmjLG3zCUPo8E+QzGVs/EO3PIAGyYYtuYbW++oJDr5xfY9DwK4Omq5GijZSSmdpOHiYelPMa1XLwT0D/kNCUm6EVfG6TKwxViNtGdyzknY7abNU7ucw2UWfjFe24hH0SL0hZMXjPQYtMnPl5J5qfjU4EXX1a/Ijn0IKUEk5BmY+ipc6irMI/Rrmumr7XSSncSHq2cpyNbwJBykFX5s/ydB64hbMenS+LhbUvnQBNt8Xkjyc+IrzntDuVGH4IGfnRIAOwDkU6EZPQ4v36wbd8IB3kUFW1/1z6ZvS4jsIgMA3TS2xMjhGB8FWnIG9RSOrT+nlejddqoRsTWWmEAWUuaOV3tZLci69POQ5k]
   from HttpServletRequest Cookie [rememberMe]
   02/06 15:10:57 INFO  grails.app.filters.SslFilters  - DebugFilter:
   before: controller=home action=null params=["controller":"home"]
   [email protected]
   02/06 15:10:57 INFO  grails.app.filters.SslFilters  - DebugFilter:
   after: controller=home action=index params=["controller":"home"]
   [email protected]

Is this a bug in JSecurity or am I doing something wrong? Is there a workaround for this?

Thanks,

Brad


