shiro-dev mailing list archives

From "Andreas Sahlbach (JIRA)" <>
Subject [jira] [Created] (SHIRO-454) Provide a way to logout a user without destroying the http session
Date Mon, 29 Jul 2013 09:13:49 GMT
Andreas Sahlbach created SHIRO-454:

             Summary: Provide a way to logout a user without destroying the http session
                 Key: SHIRO-454
             Project: Shiro
          Issue Type: Improvement
          Components: Authentication (log-in), Session Management
    Affects Versions: 1.2.1
            Reporter: Andreas Sahlbach

I am using Shiro together with Vaadin, but the following should be true for all GWT-based
rich clients.

If you are using these kinds of frameworks, you mostly want to handle login and logout within
the application itself. If this is the case, you absolutely don't want a logout to destroy
the http session, because that will alert the user that the session is gone and will force
the user to reload the whole application and start from scratch.

Please: Just give me the possibility to do a user logout. As a workaround I inherited from
DefaultWebSecurityManager and overwrote the logout method to do everything but the http session
invalidation. But that's a lot of cut and paste code and it could be easily provided by introducing
a configurable setting or parameter for the logout.

This message is automatically generated by JIRA.
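A shorter form of the workaround described in the report, as an added example that is neither the reporter's code nor part of Shiro: instead of copying the whole logout method, it overrides only the protected `stopSession(Subject)` hook that `DefaultSecurityManager.logout` calls last. The class name and the `keepKeys` allowlist are hypothetical, and Shiro must be on the classpath.

```java
import java.util.ArrayList;
import java.util.Set;

import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;

/**
 * Hypothetical subclass: logout still clears the identity (remember-me,
 * realm caches, principals stored in the session) but the session itself
 * is left running instead of being stopped/invalidated.
 */
public class SessionPreservingSecurityManager extends DefaultWebSecurityManager {

    // Assumption: attribute keys the application wants to survive a logout,
    // e.g. the key under which the UI framework stores its state.
    private final Set<Object> keepKeys;

    public SessionPreservingSecurityManager(Set<Object> keepKeys) {
        this.keepKeys = keepKeys;
    }

    @Override
    protected void stopSession(Subject subject) {
        // The default implementation calls session.stop() here; we do not.
        Session session = subject.getSession(false);
        if (session == null) {
            return; // nothing was ever created for this subject
        }
        try {
            // Drop everything the previous user left behind, except the
            // allowlisted keys. Copy the key set first so removal does not
            // disturb the iteration.
            for (Object key : new ArrayList<Object>(session.getAttributeKeys())) {
                if (!keepKeys.contains(key)) {
                    session.removeAttribute(key);
                }
            }
        } catch (InvalidSessionException e) {
            // Session already expired or stopped elsewhere: nothing to clean.
        }
    }
}
```

Because the session is kept, its identifier is the same before and after logout, and any attribute left on the allowlist remains readable by whoever uses the session next.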