spring security problem using grails

Question

I am new to grails and spring security plugin core, but i am facing a problem of

ERROR GrailsExceptionResolver - a different object with the same identifier value was already associated with the session: [nayax.SecUserSecRole#nayax.SecUserSecRole: null]

my code is:

NayaxUser populateDataFromJson(def user) {
    //todo: HANDLE CASES OF CREATING ROLES FOR USER AND REAUTHENTICATE THEM
    println "#### In FUNCTION ####"
    Facebook existingProfile = Facebook.findByFid(user.id)
    if (existingProfile) {
        println "### User already present in the database ####"
        existingProfile.setUser(existingProfile.user)

        //todo: CREATE ROLE AND REAUTHENTICATE USER
        SecRole secRole1 = SecRole.findByAuthority(SecRoleConstants.ROLE_USER)
        SecUserSecRole.create(existingProfile.user, secRole1)

        //todo: REAUTHENTICATE USER
        springSecurityService.reauthenticate(existingProfile.user.username)

        existingProfile.user.merge()
        return existingProfile.user
    }
    else {
        Facebook facebookObj = new Facebook(fid: user.id, lastLogin: new Date(), creationDate: new Date()).save(flush: true)
        NayaxUser nayaxUser = new NayaxUser(facebookUrl: user.link, fullName: user.name, facebook: facebookObj, username: user.email, password: springSecurityService.encodePassword("pleaseChangeMe"), enabled: true)
        if (nayaxUser.save(flush: true)) {
            println "### WORK DONE , saved user and save the user in session ###"
            facebookObj.setUser(nayaxUser)

            //todo: CREATE ROLE AND REAUTHENTICATE USER
            SecRole secRole = SecRole.findByAuthority(SecRoleConstants.ROLE_USER)
            SecUserSecRole.create(nayaxUser, secRole)

            //todo: REAUTHENTICATE USER
            springSecurityService.reauthenticate(nayaxUser.username)

            nayaxUser.merge()
            return nayaxUser
        }
        else {
            println "### ERROR IN VALIDATING DATA So NOT SETTING THE USER IN SESSION ####"
            nayaxUser.errors.allErrors.each { error ->
                println("### ERROR IS ${error} ####")
            }
            return nayaxUser
        }
    }
}

Actually, when i am loggin in from the facebook button and then logging out from my implementation and then logging back again quicky then there is an exception but after logging out i refresh the page a few times the problem disappears. I think something is wrong with my facebook logout implementation or is there something in the code???

Any suggestions are welcome..

Answer 1

Try to use facebook javascript api for logout before call your logout controller to clear session and etc eg:

if facebook user exists
  logout facebook user with fb js api
  js redirect to logout controller  
else
  redirect user to logout controller

This logic should be applied in the frontend of your application assuming that if there isn't facebook user, user will be redirected directly to the logout controller.

I have problems with facebook logout with java and php api from the fb application but in that way I overcome those problems.