Hi, I'm having a problem using the spring security tags to render certain content on the front page.

Currently I have this:

<sec:authorize ifNotGranted="ROLE_ANONYMOUS">
<c:set var="isLoggedIn" value="${true}"/>
</sec:authorize>

This is in my header file, so I know that the user is logged in if he has not been granted an ANONYMOUS role. When I logout, however, either through the user clicking out of session timeout, this variable is still being set to true (so it still shows the logout link and has a timeout).

The way I'm logging out is simply::

req.getSession().invalidate();

Basically invalidating the session. I assumed if I did that then the user would not have a role granted of any kind. Of course, if I refresh the page or hit the same page again, then it works. Whats the problem? Why do I have to hit the page twice before it recognizes that I'm on an anonymous role again?


<bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anon ymous.AnonymousProcessingFilter">
<property name="key" value="changeThis"/>
<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
</bean>

<bean id="authenticationManager" class="org.springframework.security.providers.Prov iderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
<bean class="org.springframework.security.providers.anon ymous.AnonymousAuthenticationProvider">
<property name="key" value="changeThis"/>
</bean>
</list>
</property>
</bean>