You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Alexander Klimetschek (JIRA)" <ji...@apache.org> on 2015/01/12 23:50:35 UTC

[jira] [Created] (SLING-4301) Support user.jcr.session.logout option for the jcr resource provider

Alexander Klimetschek created SLING-4301:
--------------------------------------------

             Summary: Support user.jcr.session.logout option for the jcr resource provider
                 Key: SLING-4301
                 URL: https://issues.apache.org/jira/browse/SLING-4301
             Project: Sling
          Issue Type: Improvement
          Components: JCR
            Reporter: Alexander Klimetschek


Add a new AuthenticationInfo option {{user.jcr.session.logout}} that if set to true would automatically close the session passed via {{user.jcr.session}} at the end of the request.

Purpose: As discussed on the [list|http://sling.markmail.org/thread/ceshw42z63r4bu7i], when using [user.jcr.session|http://sling.apache.org/apidocs/sling6/org/apache/sling/jcr/resource/JcrResourceConstants.html#AUTHENTICATION_INFO_SESSION] to pass a session created by an AuthenticationHandler itself, this is currently never closed (since the original use case for it comes from somewhere else where this wasn't required). The only way to use it from an AuthenticationHandler is to also implement a ServletFilter that tracks it and closes the session "manually" at the end of the request, which is bad since this would create another servlet filter for each authentication handler that wishes to use this.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)