extension to LogoutServlet

[Jacek Wiślicki <ja...@gmail.com>]

Hi,
	there was some time ago a thread on login pipeline and leaving session 
attributes after calling invalidate() on a HttpSession object in 
LogoutServlet. What about extending it with this code:

HttpSession session = request.getSession();
Enumeration attrNames = session.getAttributeNames();
while(attrNames.hasMoreElements())
	session.removeAttribute(attrNames.nextElement().toString());

I'm not sure if it could have any influence on other portal components 
or processes (maybe some attributes should be persistent?), but it seems 
to work fine in my portal.

-- 
pozdrawiam,
     Jacek Wislicki

jacek.wislicki@gmail.com
tel.: +48 502 408 444
gg: 2540358
skype: jacek_wislicki

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org

Re: extension to LogoutServlet

[Aaron Evans <aa...@gmail.com>]

Hmm, I'll have to try that and see if it works for me.

The way I solved it was that for logout, I send to a logout servlet in
my custom app that invalidates the session in that app and then
redirects to the jetspeed logout.  Obviously, this isn't a good
solution when you have multiple portlet apps deployed.

I'm using tomcat SSO as well and I think maybe there were multiple
session objects under the different apps and so one was retaining
references to the objects even when the other session was invalidated
(although I am not sure).   But if changes to one sesssion are
propagated to the other, then maybe this will work.

The funny thing is that under SSO, if you call invalidate on one
session, then all application sessions should be invalidated so it
shouldn't be a problem at all.  Anyway, I'll give it a shot...


On 5/10/06, Jacek Wiślicki <ja...@gmail.com> wrote:
> Hi,
>         there was some time ago a thread on login pipeline and leaving session
> attributes after calling invalidate() on a HttpSession object in
> LogoutServlet. What about extending it with this code:
>
> HttpSession session = request.getSession();
> Enumeration attrNames = session.getAttributeNames();
> while(attrNames.hasMoreElements())
>         session.removeAttribute(attrNames.nextElement().toString());
>
> I'm not sure if it could have any influence on other portal components
> or processes (maybe some attributes should be persistent?), but it seems
> to work fine in my portal.
>
> --
> pozdrawiam,
>      Jacek Wislicki
>
> jacek.wislicki@gmail.com
> tel.: +48 502 408 444
> gg: 2540358
> skype: jacek_wislicki
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-user-help@portals.apache.org
>
>

Re: extension to LogoutServlet

[David Sean Taylor <da...@bluesunrise.com>]

Jacek Wiślicki wrote:
> Hi,
>     there was some time ago a thread on login pipeline and leaving 
> session attributes after calling invalidate() on a HttpSession object in 
> LogoutServlet. What about extending it with this code:
> 
> HttpSession session = request.getSession();
> Enumeration attrNames = session.getAttributeNames();
> while(attrNames.hasMoreElements())
>     session.removeAttribute(attrNames.nextElement().toString());
> 
> I'm not sure if it could have any influence on other portal components 
> or processes (maybe some attributes should be persistent?), but it seems 
> to work fine in my portal.
> 
sounds useful, but maybe it should be optional for those of us using 
other solutions

recommend creating a jira issue for it and provide a patch

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org