[
https://issues.apache.org/jira/browse/SLING-4301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14302727#comment-14302727
]
Alexander Klimetschek commented on SLING-4301:
----------------------------------------------
Finally got back to this: it was indeed an explicit session close in my
authentication handler - sorry for the confusion!
I validated the patch works now properly. Updated [^SLING-4301.patch] as it was
not against the latest svn version.
> Support user.jcr.session.logout option for the jcr resource provider
> --------------------------------------------------------------------
>
> Key: SLING-4301
> URL: https://issues.apache.org/jira/browse/SLING-4301
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Reporter: Alexander Klimetschek
> Attachments: SLING-4301.patch
>
>
> Add a new AuthenticationInfo option {{user.jcr.session.logout}} that if set
> to true would automatically close the session passed via {{user.jcr.session}}
> at the end of the request.
> Purpose: As discussed on the
> [list|http://sling.markmail.org/thread/ceshw42z63r4bu7i], when using
> [user.jcr.session|http://sling.apache.org/apidocs/sling6/org/apache/sling/jcr/resource/JcrResourceConstants.html#AUTHENTICATION_INFO_SESSION]
> to pass a session created by an AuthenticationHandler itself, this is
> currently never closed (since the original use case for it comes from
> somewhere else where this wasn't required). The only way to use it from an
> AuthenticationHandler is to also implement a ServletFilter that tracks it and
> closes the session "manually" at the end of the request, which is bad since
> this would create another servlet filter for each authentication handler that
> wishes to use this.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
