[SLING-1270] Replace Session.logout from SlingMainServlet - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Engine 2.0.6
Fix Version/s: Engine 2.1.0
Component/s: Engine
Labels:
None

Description

The new Commons Auth bundle from ~~SLING-966~~ registers a ServletRequestListener to be informed when the request has terminated and the session may be logged out. Currently, the Http Service implementation does not support such listeners and the session may not be logged out at all.

As a workaround the Commons Auth bundle implements a Java VM finalize() method to try to ensure logging the session out.

As a further workaround the SlingMainServlet should - in a finally clause - logout the session of the request's resource resolver.

The SlingMainServlet configuration should be removed as soon as we can reasonably be sure of ServletRequestListener support.

Attachments

Activity

People

Assignee:: Felix Meschberger

Reporter:: Felix Meschberger

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 06/Jan/10 10:34

Updated:: 30/Aug/10 12:48

Resolved:: 26/Aug/10 20:11