You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Felix Meschberger (JIRA)" <ji...@apache.org> on 2010/01/07 14:50:21 UTC

[jira] Updated: (SLING-1270) Replace Session.logout from SlingMainServlet

     [ https://issues.apache.org/jira/browse/SLING-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger updated SLING-1270:
-------------------------------------

    Fix Version/s:     (was: Engine 2.1.0)

Descheduling from the 2.1.0 release. This will have to be done later.

For now we keep the workaround code (though the finalize() implementation seems to catch-up good enough)

> Replace Session.logout from SlingMainServlet
> --------------------------------------------
>
>                 Key: SLING-1270
>                 URL: https://issues.apache.org/jira/browse/SLING-1270
>             Project: Sling
>          Issue Type: Task
>          Components: Engine
>    Affects Versions: Engine 2.0.6
>            Reporter: Felix Meschberger
>            Assignee: Felix Meschberger
>
> The new Commons Auth bundle from SLING-966 registers a ServletRequestListener to be informed when the request has terminated and the session may be logged out. Currently, the Http Service implementation does not support such listeners and the session may not be logged out at all.
> As a workaround the Commons Auth bundle implements a Java VM finalize() method to try to ensure logging the session out.
> As a further workaround the SlingMainServlet should - in a finally clause - logout the session of the request's resource resolver.
> The SlingMainServlet configuration should be removed as soon as we can reasonably be sure of ServletRequestListener support.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.