In the current version, there is noting that prevent us to us a JCR session after a session.logout, so the following code is allowed:
1 Node node = (Node)session.getItem(nodePath) ;
At line #3 we expect a RepositoryException which is not the current case. Once the session has been logout, it should possible to access to Session/Item info but it should not be possible to access to data and even more important to modify some data.
To fix this issue, we could add:
to ItemImpl.checkValid() and also create a method checkValid to SessionImpl with the code above as implementation and call checkValid in all the method that access or modify the data