Session disconnect but Token still active / not revoked

Hi All…

I’m using cuba platform 6.86

When I use REST, I try to disconnect the user session from the web, but my REST client is still active because its token has not been revoked.

Why is this happening?

Thanks

Hi, that’s how it works.
When you try to access some resource using the valid token (it was not revoked and it is not expired) then the system checks that a user session related to the token exists. If it exists, then the user session is used. If it doesn’t exist a new user session is created.

This behavior is required, for example, because application server restart should not make tokens invalid.

If you need to revoke the token, use the revoke endpoint or com.haulmont.cuba.security.jmx.ServerTokenStoreMBean#removeTokensByUserLogin MBean method.
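
A simplified model of the behaviour described in the answer above, added here as an example; it is not part of the original post and is not CUBA Platform code. The class and method names are hypothetical (`remove_tokens_by_user_login` is only named after the MBean method mentioned above), and the login is a constructed sample value:

```python
import secrets
import time


class TokenAuthModel:
    """Toy model: tokens and user sessions have independent lifetimes."""

    def __init__(self, token_ttl=3600):
        self.token_ttl = token_ttl
        self.tokens = {}    # token -> {"login", "expires", "session_id"}
        self.sessions = {}  # session_id -> login

    def _new_session(self, login):
        sid = secrets.token_hex(8)
        self.sessions[sid] = login
        return sid

    def issue_token(self, login):
        token = secrets.token_hex(16)
        self.tokens[token] = {"login": login,
                              "expires": time.time() + self.token_ttl,
                              "session_id": self._new_session(login)}
        return token

    def kill_session(self, session_id):
        """Models disconnecting a user session from the web UI."""
        self.sessions.pop(session_id, None)

    def remove_tokens_by_user_login(self, login):
        """Models revocation: drop every token issued to this login."""
        for tok in [t for t, e in self.tokens.items() if e["login"] == login]:
            del self.tokens[tok]

    def access(self, token):
        """Return the session id serving the request, or None if rejected."""
        entry = self.tokens.get(token)
        if entry is None or entry["expires"] <= time.time():
            return None  # revoked or expired token: request is rejected
        if entry["session_id"] not in self.sessions:
            # Token is still valid but its session is gone: create a new one.
            entry["session_id"] = self._new_session(entry["login"])
        return entry["session_id"]


def demo():
    model = TokenAuthModel()
    token = model.issue_token("alice")          # constructed sample login
    first = model.access(token)
    model.kill_session(first)                   # session disconnect only
    second = model.access(token)                # accepted, new session
    model.remove_tokens_by_user_login("alice")  # actual revocation
    third = model.access(token)                 # rejected
    return first, second, third
```

In this model only revocation or expiry makes a request fail; killing the session just causes a fresh session on the next request.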

Hi @gorbunkov ,

Thanks for the advice, it works :+1: