Calling logout can do nothing in your loginmodule/realm but will invalidate the session + cleanup the security context so I think it does worth calling it.
Romain Manni-Bucau Twitter: @rmannibucau Blog: http://rmannibucau.wordpress.com/ LinkedIn: http://fr.linkedin.com/in/rmannibucau Github: https://github.com/rmannibucau 2014-05-23 11:58 GMT+02:00 hwaastad <[email protected]>: > Thanks, > I check immidiately. > > I guess you are correct (would be foolish to say something else :-)), > however in my real application, the secure access is being made from a web > service client. Not quite sure how to force logout. Maybe another login > strategy? > > br hw > > > > -- > View this message in context: > http://openejb.979440.n4.nabble.com/Asynchronous-principal-propagation-tp4669547p4669591.html > Sent from the OpenEJB User mailing list archive at Nabble.com. >
