You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by tapestryphoto <ph...@digiatlas.org> on 2009/01/23 10:22:50 UTC
T5: how to invalidate session on logout?
I need to be able to reset everything when the user logs out.
Currently @Persist objects are still available if the user logs in
again with the same browser instance. This isn't very optimal.
I have searched the mail archive and found some comments on this issue
made at the end of 2007. I'm wondering if there is a standard way to
do this. The Wiki appears to be silent on the issue - I would have
thought this would have had more importance than it seems to have.
According to these prehistoric ;-) postings to the mailing list, one
should inject RequestGlobals and then call invalidate() on the session.
Is this still the way to do this? It seems rather clunky and
non-obvious - especially for the novice T5 programmer who is shown
numerous examples of logins and ASOs and how to use @Persist. The T5
page about persistance strategies is also silent on the issue (apart
from mentioning discardPersistentFieldChanges() - but that would
require running the method on every page when logging out).
Thoughts?
p.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5: how to invalidate session on logout?
Posted by Thiago HP <th...@gmail.com>.
I would create an EventLink (the logout link) that, when clicked,
invalidates the session.
<a href="#" t:type="EventLink" t:event="logout">Logout</a>
@Inject
private Request request;
@OnEvent("logout)"
void logout() {
request.getSession().invalidate();
}
--
Thiago
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
Re: T5: how to invalidate session on logout?
Posted by Kristian Marinkovic <kr...@porsche.co.at>.
invalidating the http session is the way to go because all the persist and
ASO objects are stored there.
i have a LogoutService that is called when a user wants to log out. this
service only deletes an artifact that is used to verify the successfull
login.
in an dispatcher (see AccessController on the wiki) the artifact is
checked
and if it does not exist the httpsession is invalidated.
g,
kris
tapestryphoto <ph...@digiatlas.org>
23.01.2009 10:22
Bitte antworten an
"Tapestry users" <us...@tapestry.apache.org>
An
users@tapestry.apache.org
Kopie
Thema
T5: how to invalidate session on logout?
I need to be able to reset everything when the user logs out.
Currently @Persist objects are still available if the user logs in
again with the same browser instance. This isn't very optimal.
I have searched the mail archive and found some comments on this issue
made at the end of 2007. I'm wondering if there is a standard way to
do this. The Wiki appears to be silent on the issue - I would have
thought this would have had more importance than it seems to have.
According to these prehistoric ;-) postings to the mailing list, one
should inject RequestGlobals and then call invalidate() on the session.
Is this still the way to do this? It seems rather clunky and
non-obvious - especially for the novice T5 programmer who is shown
numerous examples of logins and ASOs and how to use @Persist. The T5
page about persistance strategies is also silent on the issue (apart
from mentioning discardPersistentFieldChanges() - but that would
require running the method on every page when logging out).
Thoughts?
p.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org