JBoss 5.1/JBossweb-2.1.12 Invalidating session does not invalidate all SSO sessions

We are using the unclustered SSO valve. Invalidating a session does not invalidate all other sessions tied to the SSO cookie. The problem is intermittent. Upgrading to a newer version of JBoss is not an option, so I am looking for a configuration or patch solution. I am not entirely sure yet, but I think that when it does work, the org.apache.catalina.authenticator.SingleSignOn.deregister method is being invoked, and when it fails, it is not. So, perhaps it is a problem with HttpSessionListeners not firing correctly, or firing in the wrong order.

Responses