Best thing to do is always subject.logout(). If a web app, immediately redirect the user to a new view (notice page or login page or whatever).
On Tue, Jan 31, 2012 at 4:58 PM, James Whetstone <[email protected]> wrote: > Actually, now that I've reread your post, I misunderstood your question. You > don't want to invalidate the user's authentication/authorization data, you > jsut want to log the user out. > > > ----- Original Message ----- From: "Mike K" <[email protected]> > To: <[email protected]> > Sent: Tuesday, January 31, 2012 4:39 PM > Subject: Invalidating sessions > > >> What is a cleanest way to invalidate a session? >> I currently reaching into sessionDAO and deleting it, but I think actually >> taking over that session and logging out would be preferable. >> Any ideas? >> >> -- >> View this message in context: >> http://shiro-user.582556.n2.nabble.com/Invalidating-sessions-tp7241745p7241745.html >> Sent from the Shiro User mailing list archive at Nabble.com. >> > -- Les Hazlewood CTO, Katasoft | http://www.katasoft.com | 888.391.5282 twitter: @lhazlewood | http://twitter.com/lhazlewood katasoft blog: http://www.katasoft.com/blogs/lhazlewood personal blog: http://leshazlewood.com
