[uportal-dev] uP3 Portlet Session Invalidation

Wed, 16 Apr 2008 12:52:37 -0700

While doing some load testing on the 3.0 framework today I realized that one bit of portlet related functionality did not make it over from 2.6. This code invalidated all portlet application sessions when the user's portal session was invalidated. The code did this by grabbing a reference to the portlet application's session every time a portlet was dispatched too. When the portal user's session invalidated the CPortletAdapter instances would invalidate their corresponding portlet app sessions. This appears to have worked in 2.6 (though the code is wrapped in a try { } catch (Exception e) { } block). I haven't sat down to read the whole servlet spec but my guess is that holding a reference to a HttpSession object between requests is not supported.
For 3.0 I have another idea though it isn't as complete at cleaning up. It should be possible to include the portlet session invalidation trigger in the Logout servlet. This would provide a request and response which can be used to do a cross-context dispatch (how all portlet rendering is done) which could invalidate the sessions of all portlet applications for the user. The downside to this approach is that if the user's session times out the corresponding portlet application sessions would be left to timeout as well though hopefully they would timeout within a short time of the portal's session. 


I'd really like to hear other folks input on this issue as I'm not sure 
the best approach to take here.


-Eric



Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature






















					Reply via email to