I'm developing some J2EE applications that should have common login point. My apps are hosted on GlassFish v3 application server.
There is web.xml based security with FORM method (a HTML form with "j_security_check" action) and JDBC Realm on PostgreSQL 8.4 datasource. It worked absolutely fine while GlassFish SSO was disabled.
Now SSO is enabled on GF's HTTP Service page and it really works fine when I need to log in. Each my application lets a logged user in. But here is another problem.
My logout servlet not always works at first time. It happens quite often (but not each time) that I stay logged in after my logout servlet has done processed the request with no exceptions.
It never happened until SSO was enabled.
Servlet code is below.