[
https://issues.apache.org/jira/browse/SLING-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12797052#action_12797052
]
Felix Meschberger commented on SLING-1270:
------------------------------------------
Committed temporary session logout in the SlingMainServlet in Rev. 896372.
> Replace Session.logout from SlingMainServlet
> --------------------------------------------
>
> Key: SLING-1270
> URL: https://issues.apache.org/jira/browse/SLING-1270
> Project: Sling
> Issue Type: Task
> Components: Engine
> Affects Versions: Engine 2.0.6
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
> Fix For: Engine 2.1.0
>
>
> The new Commons Auth bundle from SLING-966 registers a ServletRequestListener
> to be informed when the request has terminated and the session may be logged
> out. Currently, the Http Service implementation does not support such
> listeners and the session may not be logged out at all.
> As a workaround the Commons Auth bundle implements a Java VM finalize()
> method to try to ensure logging the session out.
> As a further workaround the SlingMainServlet should - in a finally clause -
> logout the session of the request's resource resolver.
> The SlingMainServlet configuration should be removed as soon as we can
> reasonably be sure of ServletRequestListener support.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
