Alexander Klimetschek created SLING-4301:
--------------------------------------------
Summary: Support user.jcr.session.logout option for the jcr
resource provider
Key: SLING-4301
URL: https://issues.apache.org/jira/browse/SLING-4301
Project: Sling
Issue Type: Improvement
Components: JCR
Reporter: Alexander Klimetschek
Add a new AuthenticationInfo option {{user.jcr.session.logout}} that if set to
true would automatically close the session passed via {{user.jcr.session}} at
the end of the request.
Purpose: As discussed on the
[list|http://sling.markmail.org/thread/ceshw42z63r4bu7i], when using
[user.jcr.session|http://sling.apache.org/apidocs/sling6/org/apache/sling/jcr/resource/JcrResourceConstants.html#AUTHENTICATION_INFO_SESSION]
to pass a session created by an AuthenticationHandler itself, this is
currently never closed (since the original use case for it comes from somewhere
else where this wasn't required). The only way to use it from an
AuthenticationHandler is to also implement a ServletFilter that tracks it and
closes the session "manually" at the end of the request, which is bad since
this would create another servlet filter for each authentication handler that
wishes to use this.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)