Logout problem
When logging out using the logout filter I'm getting an IllegalStateException.
Looking at the exception, it's Jetty that is throwing the IllegalStateException. Diving into the Jetty code, it seems to be because the logout filter gets hit, the session gets invalidated, and then the httpSessionContextIntegrationFilter finishes its processing which tries to make sure the security context is set in the session. But when it does that it only does a check to see if the httpSession it is passed is null, not if it's valid. So, Jetty throws an IllegalStateException because we're trying to modify a session that has been invalidated. I'm not an expert on the servlet spec so I don't know if this is the right thing for Jetty to do or what. Has anyone else run into this problem?Code:2006-11-14 12:36:17,522 126916 DEBUG [btpool0-4] org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices (TokenBasedRememberMeServices.java:215) - Cancelling cookie for reason: Logout of user admin 2006-11-14 12:36:17,523 126917 DEBUG [btpool0-4] org.acegisecurity.ui.session.HttpSessionEventPublisher (HttpSessionEventPublisher.java:113) - Publishing event: org.acegisecurity.ui.session.HttpSessionDestroyedEvent[source=org.mortbay.jetty.servlet.HashSessionManager$Session:78pof58m7ihok@18817368] :WARN: /etg-webapp/j_acegi_logout: java.lang.IllegalStateException at org.mortbay.jetty.servlet.AbstractSessionManager$Session.setAttribute(AbstractSessionManager.java:855) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:243) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274) at org.acegisecurity.securechannel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:138) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274) at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:148)
Thanks,
Rich
