cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Hunsberger" <>
Subject Re: Session invalidate fails from flow?
Date Thu, 13 Jul 2006 16:02:11 GMT
On 7/6/06, Peter Hunsberger <> wrote:
> On 7/6/06, Peter Hunsberger <> wrote:
> > I'm attempting to migrate some more of our code from sitemap based
> > action handlers to flow.  Cocoon is at 2.1.8 and I'm seeing problems
> > invalidating sessions from flow.
> >

Found the problem.  With JBoss 4, the sesionId is not disposed of when
session.invalidate() is called.  Instead, it is reused on the next
request if the JSESSIONID cookie still exists in the browser (it's
normally an in memory cookie).  This is a change from JBOSS 3
(probably Tomcat 5 related).  If you need unqiue sessionIds per
session (I can see that for some clustering options you might want to
track session across failover) then the solution is to clober the
JSESSIONID cookie at the time you invalidate the session.

Peter Hunsberger

View raw message