You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Bob Herrmann <bo...@jadn.com> on 2002/08/12 20:40:48 UTC

Re: [5] [PATCH] HttpSession.logout()

This patch causes logout() and invalidate() to do the Servlet spec 2.4
"right thing."  I implemented it using the Data field of SessionEvent to
distinguish between logout/invalidate.

Can someone apply this?  THANKS.

Cheers,
-bob

On Sat, 2002-08-10 at 23:02, Bob Herrmann wrote:
> The servlet 2.4 spec adds a new method, "HttpSession.logout()";
> 
> How do we implement this?
> 
> For the non-single signon case, "logout()" is identical to
> "invalidate()"
> 
> For single signon, Tomcat currently uses a "single signon valve" which
> listens for "Session Destroy" events.  When a "Session Destroy" happens,
> all sessions are removed.  A "Session Destroy" happens now when either
> invalidate() or logout() happens.  For logout, everything is fine, for
> invalidate() - only the session for the current web app should be
> removed.
> 
> So, when a session logout() or invalidate() is called, what should
> happen?  A "Session Destroy" with extra data indicating a logout or
> invalidate occured?  Or should a new session event be created to
> indicate a "logout" is happening?
> 
> comments/ideas?
> 
> Cheers,
> -bob
> 
> 
> 
> 
> 
> -- 
> Cheers,
> -bob
> 
> 
> --
> To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>