You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Alexander Klimetschek (JIRA)" <ji...@apache.org> on 2015/02/03 04:31:34 UTC

[jira] [Updated] (SLING-4301) Support user.jcr.session.logout option for the jcr resource provider

     [ https://issues.apache.org/jira/browse/SLING-4301?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alexander Klimetschek updated SLING-4301:
-----------------------------------------
    Attachment: SLING-4301.patch

> Support user.jcr.session.logout option for the jcr resource provider
> --------------------------------------------------------------------
>
>                 Key: SLING-4301
>                 URL: https://issues.apache.org/jira/browse/SLING-4301
>             Project: Sling
>          Issue Type: Improvement
>          Components: JCR
>            Reporter: Alexander Klimetschek
>         Attachments: SLING-4301.patch
>
>
> Add a new AuthenticationInfo option {{user.jcr.session.logout}} that if set to true would automatically close the session passed via {{user.jcr.session}} at the end of the request.
> Purpose: As discussed on the [list|http://sling.markmail.org/thread/ceshw42z63r4bu7i], when using [user.jcr.session|http://sling.apache.org/apidocs/sling6/org/apache/sling/jcr/resource/JcrResourceConstants.html#AUTHENTICATION_INFO_SESSION] to pass a session created by an AuthenticationHandler itself, this is currently never closed (since the original use case for it comes from somewhere else where this wasn't required). The only way to use it from an AuthenticationHandler is to also implement a ServletFilter that tracks it and closes the session "manually" at the end of the request, which is bad since this would create another servlet filter for each authentication handler that wishes to use this.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)