tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bob Herrmann <...@jadn.com>
Subject [5] new method, HttpSession.logout()
Date Sun, 11 Aug 2002 03:02:43 GMT
The servlet 2.4 spec adds a new method, "HttpSession.logout()";

How do we implement this?

For the non-single signon case, "logout()" is identical to
"invalidate()"

For single signon, Tomcat currently uses a "single signon valve" which
listens for "Session Destroy" events.  When a "Session Destroy" happens,
all sessions are removed.  A "Session Destroy" happens now when either
invalidate() or logout() happens.  For logout, everything is fine, for
invalidate() - only the session for the current web app should be
removed.

So, when a session logout() or invalidate() is called, what should
happen?  A "Session Destroy" with extra data indicating a logout or
invalidate occured?  Or should a new session event be created to
indicate a "logout" is happening?

comments/ideas?

Cheers,
-bob





-- 
Cheers,
-bob


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message