Hi!
I was trying to figure out a solution for the MAGNOLIA-87 New Feature (logout
button would be nice).
My investigations showed me that for a correct logout functionality the
following must be done:
1/ set response status to SC_UNAUTHORIZED
2/ set response header WWW-Authenticate
3/ call SessionAccessControl.invalidateUser
4/ javax.jcr.Session.logout
What I am finding more difficult is a way to put this functionality to work. And here I can think of
2 solutions:
1/ after the logout confirmation, create a request to a jsp or servlet that is doing the aboves. But
the scenario doesn't seem to work as:
- the user is prompted with the login dialog
- if he provides correct credentials the request URL is hitting again the
logout [jsp|servlet].
Do you know a way to make the request redirect to contextPath?
2/ after logout confirmation, create a cookie that will be process in the filters (most probably in
the SecurityFilter)
In this case the scenario may work as:
- the user is prompted with the login dialog
- if he provides correct credentials than the request URL is hitting
contextPath (it is oke)
- if he cancels than a small message can be displayed: You have been logged out.
What do you think is the better way to do it?
./alex
--
.w( the_mindstorm )p.
----------------------------------------------------------------
for list details see
http://www.magnolia.info/en/magnolia/developer.html
----------------------------------------------------------------
