The real cause of this issue, not evicting user content caches upon authentication, is still not fixed when not creating a new session upon authentication (although that's the default now).
As I'm deep in the content cache handling already for integrating public render parameters cache management, I noticed we do have the proper evicting already coded upon session invalidation within JetspeedServlet.
As the evicting requires 3 different Spring components and several lines of logic, I'll move the code from JetspeedServlet to a new UserContentCacheManager with a single evictUserContentCache method.
This method then needs to be invoked from the following situations:
- LoginRedirectorServlet.doGet (after container authentication)
- PortalFilter and ShibbolethPortalFilter doFilter (after custom authentication)
- and should also be called by any other custom PortalFilter
Configuration of the UserContentCacheManagerImpl will be done in cache.xml