Alexander Klimetschek created SLING-4301:
--------------------------------------------

             Summary: Support user.jcr.session.logout option for the jcr 
resource provider
                 Key: SLING-4301
                 URL: https://issues.apache.org/jira/browse/SLING-4301
             Project: Sling
          Issue Type: Improvement
          Components: JCR
            Reporter: Alexander Klimetschek


Add a new AuthenticationInfo option {{user.jcr.session.logout}} that if set to 
true would automatically close the session passed via {{user.jcr.session}} at 
the end of the request.

Purpose: As discussed on the 
[list|http://sling.markmail.org/thread/ceshw42z63r4bu7i], when using 
[user.jcr.session|http://sling.apache.org/apidocs/sling6/org/apache/sling/jcr/resource/JcrResourceConstants.html#AUTHENTICATION_INFO_SESSION]
 to pass a session created by an AuthenticationHandler itself, this is 
currently never closed (since the original use case for it comes from somewhere 
else where this wasn't required). The only way to use it from an 
AuthenticationHandler is to also implement a ServletFilter that tracks it and 
closes the session "manually" at the end of the request, which is bad since 
this would create another servlet filter for each authentication handler that 
wishes to use this.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to