IIRC, the default configuration for tapestry-acegi resulted in ROLE_ANONYMOUS being given to unauthenticated users. That resulted in the creation of the session.
Also, I hit issues in testing where I would go back to the login page and log in as a different user. Unfortunately, I still had page state left over from the original login, so now I invalidate the session to clear any user-specific state. Jonathan > -----Original Message----- > From: rs1050 [mailto:[EMAIL PROTECTED] > Sent: Sunday, December 07, 2008 20:58 > To: users@tapestry.apache.org > Subject: RE: tapestry-spring-security: how to set ASO on successful login? > > > Why do you expect that the session already exists so that you have to > invalidate it? Does spring-security create it automatically? > > > Session s = _request.getSession(false); > > s.invalidate(); > > s = _request.getSession(true); > > -- > View this message in context: http://www.nabble.com/tapestry-spring- > security%3A-how-to-set-ASO-on-successful-login--tp20865863p20888463.html > Sent from the Tapestry - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
