Just to point out why this is a serious issue. Basically, a user must logged out multiple times to make sure he/she no longer authenticated. I can of course setup session timeout so they eventually expire, but I'm looking for a proper fix.
Any suggestion on where I should begin to look would be great. Thanks, Jack -- View this message in context: http://shiro-user.582556.n2.nabble.com/Interesting-Behavior-of-isAuthenticated-on-Jersey-Jetty-Shiro-tp6208130p6208358.html Sent from the Shiro User mailing list archive at Nabble.com.
