Seems to be a problem with our application setup/configuration and a problem
more with the login, rather than the logout!
We have a separate application for authentication, which we are forwarding to
for authentication. Upon successful authentication the SSO session listener
is added to the authentication session context, but not to the application
session context. This means when the first logout doesn't clear down the
SSO session, as there is no listener registered. The next request then
creates a new session which the SSO session listener is automatically added
to. When the new session is then invalidated the SSO session is now cleared
down properly as the listener gets the event.
How can I therefore get the SSO listener added to both sessions, or I guess
equivalently - what is the best way of implementing form based authentication
in a separate application?
Thanks,
Peter.
--
[Message sent by forum member 'teagtera']
View Post: http://forums.java.net/node/801805