I'm running the WAS 6.40 SP5 + EP 6 SP4 preview.
I have an EAR running in the J2EE Engine.
I have a servlet filter able to call UMFactory.getAuthenticator().forceLoggedInUser(), and I successfully can obtain an IUser.
My problem is single sign off. I navigate to the EP front page /irj, and then click "Log off" there. The next time I visit my own application and hit the filter, forceLoggedInUser() returns the previously logged in user -- not null. The MYSAPSSO2 cookie is now set to the empty string, whereas when the user was logged in it was non-empty. Could forceLoggedInUser() be looking in some private session state to retrieve the user rather than using the cookie?
Thanks in advance if you can straighten me out.
If my own code calls UMFactory.getAuthenticator().forceLoggedInUser(), then when I navigate to the front page of either my application or of the EP, I am presented with a login page