> >On a lark, as I think we had some kind of issue like
> this before, try disabling Single Sign On. Single
> Sign On is managed by a cookie, and not the session.
> So, when you come back and it finds out you're not
> logged in (via the session), it conveniently logs you
> back in via SSO.
>
> Actually, it should not do that. :)
>
> If you explicitly invalidate a session that
> participates in SSO,
> the SSO entry is supposed to be removed, meaning that
> the
> corresponding SSO cookie will not be honored on
> subsequent
> requests.
Oh, I'm confident that it shouldn't do that, but I do know that I encountered a similar issue, and turning SSO off "solved" it. Perhaps its a bug that was later fixed, I don't recall the version I was running (most likely v1b14, however).
But that's why I said "on a lark".
[Message sent by forum member 'whartung' (whartung)]
http://forums.java.net/jive/thread.jspa?messageID=224746