glassfish_at_javadesktop.org wrote:
>On a lark, as I think we had some kind of issue like this before, try disabling Single Sign On. Single Sign On is managed by a cookie, and not the session. So, when you come back and it finds out you're not logged in (via the session), it conveniently logs you back in via SSO.
>
>
Actually, it should not do that. :)
If you explicitly invalidate a session that participates in SSO,
the SSO entry is supposed to be removed, meaning that the
corresponding SSO cookie will not be honored on subsequent
requests.
If, on the other hand, the session has become invalid by virtue of
having expired, only the expired session will be removed
from the SSO entry, but any other sessions participating in
SSO will not be affected. If the session that expired was the
last session participating in SSO, the SSO entry will be purged,
of course, to prevent memory leaks.
Jan
>[Message sent by forum member 'whartung' (whartung)]
>
>http://forums.java.net/jive/thread.jspa?messageID=224709
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
>