You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Carsten Ziegeler (JIRA)" <ji...@apache.org> on 2010/03/09 08:45:27 UTC
[jira] Updated: (SLING-1270) Replace Session.logout from
SlingMainServlet
[ https://issues.apache.org/jira/browse/SLING-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler updated SLING-1270:
------------------------------------
Fix Version/s: Engine 2.1.0
Schedulung for 2.1.0 release again and using new close method from resource resolver
> Replace Session.logout from SlingMainServlet
> --------------------------------------------
>
> Key: SLING-1270
> URL: https://issues.apache.org/jira/browse/SLING-1270
> Project: Sling
> Issue Type: Task
> Components: Engine
> Affects Versions: Engine 2.0.6
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: Engine 2.1.0
>
>
> The new Commons Auth bundle from SLING-966 registers a ServletRequestListener to be informed when the request has terminated and the session may be logged out. Currently, the Http Service implementation does not support such listeners and the session may not be logged out at all.
> As a workaround the Commons Auth bundle implements a Java VM finalize() method to try to ensure logging the session out.
> As a further workaround the SlingMainServlet should - in a finally clause - logout the session of the request's resource resolver.
> The SlingMainServlet configuration should be removed as soon as we can reasonably be sure of ServletRequestListener support.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.