tbouron commented on a change in pull request #1032: fix session sharing and simplify logout
URL: https://github.com/apache/brooklyn-server/pull/1032#discussion_r252205040
 
 

 ##########
 File path: rest/rest-api/src/main/java/org/apache/brooklyn/rest/api/LogoutApi.java
 ##########
 @@ -21,34 +21,40 @@
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
+import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Response;
 
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import io.swagger.annotations.ApiResponse;
-import io.swagger.annotations.ApiResponses;
 
 @Path("/logout")
 @Api("Logout")
 public interface LogoutApi {
 
     @POST
-    @ApiOperation(value = "Request a logout and clean session")
-    @ApiResponses(value = {
-            @ApiResponse(code = 307, message = "Redirect to /logout/{user}, 
keeping the request method")
-    })
-    Response logout();
+    @ApiOperation(value = "Logout and clean session")
+    Response logout(
+            @ApiParam(value = "Instead of 200 (the default) to indicate 
successful logout, "
+                + "return a 401 with this value in a message key in the body 
(a 401 will cause browsers to clear some locally cached credentials)", 
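
Review bot: The new `logout(...)` signature declares no response codes at all, because the `+` lines drop `@ApiResponses` while the method can now answer with either 200 (the default) or 401 (when the new parameter is set); add an `@ApiResponses` block that lists both instead of describing them only inside the `@ApiParam` text. Because the description says the caller-supplied value is returned "in a message key in the body", the implementation behind this interface should write it as an encoded JSON string under a JSON content type so that the echoed value cannot be interpreted as markup by a browser.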
 
 Review comment:
   I'm not too sure about returning a 401 for a successful operation; that is 
counter-intuitive. I got you on the argument that a 401 will make the browser 
clear the cache, but should it be the responsibility of the REST API to take 
care of that? I don't think so IMO.
   
   Can we not return a 200 and handle the credential cache in the UI directly?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services
