This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I'm developing some J2EE applications that should have common login point. My apps are hosted on GlassFish v3 application server.
There is web.xml based security with FORM method (a HTML form with "j_security_check" action) and JDBC Realm on PostgreSQL 8.4 datasource. It worked absolutely fine while GlassFish SSO was disabled.
Now SSO is enabled on GF's HTTP Service page and it really works fine when I need to log in. Each my application lets a logged user in. But here is another problem.
My logout servlet not always works at first time. It happens quite often (but not each time) that I stay logged in after my logout servlet has done processed the request with no exceptions.
It never happened until SSO was enabled.
Servlet code is below.