Replace Session.logout from SlingMainServlet
--------------------------------------------
Key: SLING-1270
URL: https://issues.apache.org/jira/browse/SLING-1270
Project: Sling
Issue Type: Task
Components: Engine
Affects Versions: Engine 2.0.6
Reporter: Felix Meschberger
Assignee: Felix Meschberger
Fix For: Engine 2.1.0
The new Commons Auth bundle from SLING-966 registers a ServletRequestListener
to be informed when the request has terminated and the session may be logged
out. Currently, the Http Service implementation does not support such listeners
and the session may not be logged out at all.
As a workaround the Commons Auth bundle implements a Java VM finalize() method
to try to ensure logging the session out.
As a further workaround the SlingMainServlet should - in a finally clause -
logout the session of the request's resource resolver.
The SlingMainServlet configuration should be removed as soon as we can
reasonably be sure of ServletRequestListener support.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
