Changes to AM Session Attributes are not being reflected in the Web Agents headers like the J2EE Agents provide.
User A logs into through a protected URL … we have a custom auth module that, if the user has multiple account numbers in DB, displays a selection screen with all account numbers
Once User A selects the account number (eg. Account Number # 1) we store that in an OpenAM Session called CUSTACCT
The user is redirected to the the protected URL and the WebAgent populates CUST ACCT in the headers, which is accessible to customer’s protected web app
User A decides they want to look at information from Account Number #2
They click on a link to our account chooser.jsp (same logic as custom auth module) user selects account # 2 and JSP makes rest call to update openam session
User A returns to previous page (page is reloaded)
User A still sees account number # 1 on the page that is reading from the headers
Currently the webagent removes cached user data (session/policy) on a new NotificationSet from AM with state="destroyed" in it or when cache TTL (set again by AM) times out.
This is a request to update web agent cache when a new NotificationSet that is not in state="destroyed" but also in state="vaild".
If a Session based attribute gets changed, the agent should refresh it's cache and update the headers/cookie as seen in the J2EE agent