Hi! I have had some problems with T5 5.1.0.5 and tapestry-spring-security 2.1.0 and the logout behaviour.
After logging out, numerous java.lang.IllegalStateExceptions are thrown from all over the place, due to @Persist and @SessionState objects that want's to get stuffed back to the session. I dived into org.apache.tapestry5.internal.services.RequestImpl.getSession(boolean), and it turns out that the following scenario breaks: 1. Session s1 = request.getSession(true); 2. s1.invalidate(); 3. Session s2 = request.getSession(true); 4. assertNotNull(s2); 5. assertNotSame(s1, s2); <===== KA-BOOM!!!! s1 == s2!!! 6. assertFalse(s2.isInvalidated()); I did the same using the underlying HttpServletRequest.getSession(), and it works as expected (verified on Jetty 6.1.5). I have logged the JIRA issue TAP5-891 Olle Hallin Senior Java Developer and Architect olle.hal...@crisp.se www.crisp.se
