Brett, After logout / login I see the same session attributes as I set before in the portlet session. I noticed that my, "valueUnbound()" method for attributes in the portlet session is not called for the cleanup I need to do on logout / "portal session invalidation". I then set portlet session expiration time to a short period to check, if valueUnbound() is called at all, ... it is, also on application shutdown. The session.invalidate() on logout is run in a jsp in "portal context". After login with different username I have a different principal in the portlet session, but same session attributes as set before.
javabrett wrote: > > If the HttpSession object is invalidated, the PortletSession object must > also be invalidated by the portlet container. > I read the same here for JSR 168: http://opensource.atlassian.com/confluence/spring/pages/viewpage.action?pageId=3131 I have set emptySessionPath="true" in server.xml. running on JBoss GA 4.2.2, Tomcat version is 6.0.20 Thank you hub javabrett wrote: > > According to Portlet 2.0 spec PLT.18.4: > > If the HttpSession object is invalidated, the PortletSession object > must > also be invalidated by the portlet container. > > How do you detect that your portlet sessions are not being invalidated? > > Brett > > On Tue, Nov 17, 2009 at 10:09 PM, hub <[email protected]> wrote: > >> >> Hello, >> How do I invalidate all portlet sessions on logout? >> >> in my logout.jsp in the portal I do the following >> <% >> session.invalidate(); >> %> >> >> This invalidates the "portal" session but my portlet sessions are not >> invalidated. >> > -- View this message in context: http://old.nabble.com/How-to-invalidate-portlet-session-on-logout--tp26388080p26404569.html Sent from the Pluto - User mailing list archive at Nabble.com.
