On 12.01.2015, at 14:53, Alexander Klimetschek <aklim...@adobe.com> wrote: > Ack, sounds good. I created https://issues.apache.org/jira/browse/SLING-4301
I attached a patch. But while testing it, I had a problem, see https://issues.apache.org/jira/browse/SLING-4301?focusedCommentId=14276415&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14276415 We currently have to use HttpServlets directly registered with the osgi HttpService (since we need to handle wildcard paths), i.e. not sling servlets, but we reuse the sling authenticator in handleSecurity. This works fine with other, normal ways of logging in to the JCR using e.g. jackrabbit tokens, this problem only comes up with the user.jcr.session + logout approach. Any ideas? Cheers, Alex