Invalidates session after saying 'session expired'. Fixes #1979

svn changeset:5396/svn branch:trunk

diff --git a/src/com/itmill/toolkit/terminal/gwt/server/ApplicationServlet.java b/src/com/itmill/toolkit/terminal/gwt/server/ApplicationServlet.java
index ead0e181296272e7ceb20bfa4a8f46fd47e473fe..939977b8dba6b981a4d6deac80010f984a84638f 100644 (file)
--- a/src/com/itmill/toolkit/terminal/gwt/server/ApplicationServlet.java
+++ b/src/com/itmill/toolkit/terminal/gwt/server/ApplicationServlet.java
@@ -520,6 +520,10 @@ public class ApplicationServlet extends HttpServlet {
                             .getSessionExpiredCaption(), ci
                             .getSessionExpiredMessage(), ci
                             .getSessionExpiredURL());
+                    // Invalidate session (weird to have session if we're saying
+                    // that it's expired, and worse: portal integration will
+                    // fail since the session is not created by the portal.
+                    request.getSession().invalidate();
                 }
             } catch (SystemMessageException ee) {
                 throw new ServletException(ee);