boneyard
Nov 05, 2013MVP
ACCESS::session remove not working as expected
im trying to invalidate an active APM session by using ACCESS::session remove from the HTTP_REQUEST event. only that specific request is still going through. if i refresh afterwards it fails and redirects me to the policy, so the session was removed (the logs says the same) but the the request in which the ACCESS::session remove is called goes through. same if i perform a HTTP::redirect after the ACCESS::session remove.
am i missing something here? what would be the way to invalidate a session for the HTTP request you are performing at that moment.