glassfish_at_javadesktop.org wrote:
>Actually I solved the problem by invalidating the session by calling session.invalidate() from logou.jsp (placed out of secured area) instead of calling it from JSF action bean and redirecting to secured area again using meta tag - kind of weird solution, but sending request.getRequestDispatcher("/secure/somethink.jsp").forward(request, response) did not invalidate seession (even after invalidation :))
>
>
Can you please be more specific as to the exact call flow of what worked
and what
did not work?
Did you originally invalidate the session from within
/secure/somethink.jsp, which is
protected by FORM auth and which you invoked via RD.forward()?
What did you do next that did not have the intended effect, giving you
the impression
that the session had not been invalidated?
Thanks,
Jan