You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Bob Herrmann <bo...@jadn.com> on 2002/08/12 20:40:48 UTC
Re: [5] [PATCH] HttpSession.logout()
This patch causes logout() and invalidate() to do the Servlet spec 2.4
"right thing." I implemented it using the Data field of SessionEvent to
distinguish between logout/invalidate.
Can someone apply this? THANKS.
Cheers,
-bob
On Sat, 2002-08-10 at 23:02, Bob Herrmann wrote:
> The servlet 2.4 spec adds a new method, "HttpSession.logout()";
>
> How do we implement this?
>
> For the non-single signon case, "logout()" is identical to
> "invalidate()"
>
> For single signon, Tomcat currently uses a "single signon valve" which
> listens for "Session Destroy" events. When a "Session Destroy" happens,
> all sessions are removed. A "Session Destroy" happens now when either
> invalidate() or logout() happens. For logout, everything is fine, for
> invalidate() - only the session for the current web app should be
> removed.
>
> So, when a session logout() or invalidate() is called, what should
> happen? A "Session Destroy" with extra data indicating a logout or
> invalidate occured? Or should a new session event be created to
> indicate a "logout" is happening?
>
> comments/ideas?
>
> Cheers,
> -bob
>
>
>
>
>
> --
> Cheers,
> -bob
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>