-- Dipl.-Inf. (Univ.) Henning P. Schmiedehausen INTERMETA GmbH [EMAIL PROTECTED] +49 9131 50 654 0 http://www.intermeta.de/
Java, perl, Solaris, Linux, xSP Consulting, Web Services freelance consultant -- Jakarta Turbine Development -- hero for hire
--- Begin Message ---> > The problem with this idea is that we will lose session pull tools since > they will be removed before the login action executes. > > I suggest that we make Turbine.logoutUser invalidate the session. We > could then remove the existing code in Turbine.loginUser() that removes > all of the data from the session. > > Anyone see a problem with this? I was thinking about this and now I know why. :-) Consider the case where you have an application that has "authenticated" and "non-authenticated" parts. E.g. a portal site where you can access information put need to log in when you want to post. It might be possible that a user starts a (servlet) session, browses for a while, then logs in, posts some articles and logs out again. Currently, the next requests would stay in the same servlet session. Your proposal would start a new session right at this moment. I'm not sure if there are not applications that rely on the fact that you can log out but stay in the same servlet session. Regards Henning -- Dipl.-Inf. (Univ.) Henning P. Schmiedehausen INTERMETA GmbH [EMAIL PROTECTED] +49 9131 50 654 0 http://www.intermeta.de/ Java, perl, Solaris, Linux, xSP Consulting, Web Services freelance consultant -- Jakarta Turbine Development -- hero for hire
--- End Message ---
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
