Hi! I need to integrate BlazeDS security with an external security mechanism so I have implemented custom authentication as described in http://livedocs.adobe.com/blazeds/1/blazeds_devguide/help.html?content=services_security_1 .html. Now I need to invalidate user authentication on server upon certain circunstances. When this happens, I invalidate Session contained in Request parameter of invoke method of TomcatValve. This seems to work but I get a nasty "Duplicated Http Session" in Flex client telling that cookies where removed in server. Is there any clear way to invalidate current user login from BlazeDS?
I've also tried invalidating FlexSession but then Flex clients hangs.