tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bob Herrmann <...@jadn.com>
Subject Re: [5] [PATCH] HttpSession.logout()
Date Mon, 12 Aug 2002 18:40:48 GMT

This patch causes logout() and invalidate() to do the Servlet spec 2.4
"right thing."  I implemented it using the Data field of SessionEvent to
distinguish between logout/invalidate.

Can someone apply this?  THANKS.

Cheers,
-bob

On Sat, 2002-08-10 at 23:02, Bob Herrmann wrote:
> The servlet 2.4 spec adds a new method, "HttpSession.logout()";
> 
> How do we implement this?
> 
> For the non-single signon case, "logout()" is identical to
> "invalidate()"
> 
> For single signon, Tomcat currently uses a "single signon valve" which
> listens for "Session Destroy" events.  When a "Session Destroy" happens,
> all sessions are removed.  A "Session Destroy" happens now when either
> invalidate() or logout() happens.  For logout, everything is fine, for
> invalidate() - only the session for the current web app should be
> removed.
> 
> So, when a session logout() or invalidate() is called, what should
> happen?  A "Session Destroy" with extra data indicating a logout or
> invalidate occured?  Or should a new session event be created to
> indicate a "logout" is happening?
> 
> comments/ideas?
> 
> Cheers,
> -bob
> 
> 
> 
> 
> 
> -- 
> Cheers,
> -bob
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message