tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bob Herrmann <>
Subject [5] new method, HttpSession.logout()
Date Sun, 11 Aug 2002 03:02:43 GMT
The servlet 2.4 spec adds a new method, "HttpSession.logout()";

How do we implement this?

For the non-single signon case, "logout()" is identical to

For single signon, Tomcat currently uses a "single signon valve" which
listens for "Session Destroy" events.  When a "Session Destroy" happens,
all sessions are removed.  A "Session Destroy" happens now when either
invalidate() or logout() happens.  For logout, everything is fine, for
invalidate() - only the session for the current web app should be

So, when a session logout() or invalidate() is called, what should
happen?  A "Session Destroy" with extra data indicating a logout or
invalidate occured?  Or should a new session event be created to
indicate a "logout" is happening?




To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message