java - Session mixup for jsf sessionscope and jaas login module -
we have customloginmodule
(extending usernamepasswordloginmodule
) puts user , session references in map @ login time. stored in @javax.enterprise.context.applicationscoped
bean.
at logout, these references removed. capture unexpected logouts, method remove these references called @predestroy
method of javax.enterprise.context.sessionscoped
bean.
when user logs in @ 2 locations, first location's session invalidated, , it's reference removed map. means when user logs in @ second location, corresponding record removed map, , @predestroy
method tries remove again.
not big problem say, we'll pass currect session reference @predestroy
method, , compare session in map, , remove session, if both equal. however, , herein lies question, apparently @predestroy
method of new instance called on session logout. after @predestroy
method called, same session bean happily continues function.
i'm not interested in alternatives, since there plenty. wondering how possible.
the classes in question complicated paste here, tried render intentions:
login module:
public class customloginmodule extends usernamepasswordloginmodule { login(){ sessionmap.addtomap(username, currentsession); } }
applicationscoped:
@applicationscoped public class sessionmap{ addtomap(string username, httpsession currentsession){ // present session previoussession.invalidate(); // triggers predestroy of sessionscoped // remove previous session map // put new session in map } }
sessionscoped:
@sessionscoped public mysessionbean{ @predestroy public void removesession(){ // predestroy called after session invalidated in addtomap method // however, if log hash of class, see second // class's predestroy called, not first sessionmap.removefrommap(username, currentsession); } }
Comments
Post a Comment