Session handling, Session still invalidated when trying to log in
I have an application using form based security with JSF on SJAS.
Loggin in the first time works fine and I log out the user with:
<%
session.invalidate();
session = request.getSession(true);
response.sendRedirect("main.faces");
return;
%>
Which redirects him to the log in page again, which is good. The only problem is that when the user logs in again I try to set the user attributes with:
session = request.getSession(true);
session.setAttribute("userid","5");
And this results in a crash with the message:
Servlet.service() for servlet Faces Servlet threw exception
java.lang.IllegalStateException: getAttribute: Session already invalidated
at org.apache.catalina.session.StandardSession.getAttribute(StandardSession.java:1113)
(I'm not sure these are the lines causing the crash but they are the ones first in the JSP page, it could be that the crash is caused by the SJAS security mechanism)
Anyone has any idea to what is causing this? Shouldn't request.getSession(true); result in a new fresh session that is not invalidated?
Thanks for any help!
/Richard
