I am new to weblogic and am porting over a series of web applications from jboss. I have multiple war's that I deploy to the same weblogic server. All of them are configured for Form based authentication backed by active directory.
I'm having issues logging out of the applications however. I have one of the applications that serves as my login application that contains the actual login.jsp form. It also has a logout servlet that calls session.invalidate(). After calling this, i can't access protected pages in the main application, but can access protected pages in the other applications.
From what I've been reading, weblogic 11g shares the same session across all applications, which makes sense with what I am seeing. I'm finding references to using the following to invalidate a session across all applications:
invalidateAll(HttpServletRequest req)
in package
weblogic.servlet.security.ServletAuthentication
However, I can not find this or anything similar in weblogic 11g. Where is this utility class or how should I be doing this?
Thanks
UPDATE:
Based on Josek's answer below, I had to add the following to my weblogic.xml file for all of the applications that I am deploying:
<session-descriptor>
<sharing-enabled>true</sharing-enabled>
</session-descriptor>
The jar that I was looking for is called wls-api.jar that contains the ServletAuthentication class. I was using the zip based 10.3.3.0 version of the web logic server. I found the jar in the installation of the wlserver_10.3 server installation as part of the Weblogic Fusion installation. I just took the jar and added it to our Nexus maven repository.