Hi Jan,
At 11:02 PM 9/20/2004 +0000, you wrote:
luehe 2004/09/16 11:18:41
Modified: catalina/src/share/org/apache/catalina/authenticator SingleSignOn.java Log: - Removed deregister(String ssoid), because it is no longer needed (used to be called when session was logged out, which is no longer supported)
I'm not sure what you meant here by "no longer supported." Do you mean the cross-webapp signout feature that deregister(String ssoid) provided, or has there been some more fundamental change in TC's handling of HttpSession.invalidate()?
I was referring to the removal of javax.servlet.http.HttpSession.logout(), which had been added temporarily to Servlet 2.4 and was later removed before the spec went final. See this log entry in the history of javax.servlet.http.HttpSession:
revision 1.3 date: 2003/04/07 21:27:36; author: jfarcand; state: Exp; lines: +0 -15 As required by the upcoming Servlet spec 2.4 PFD 3, remove the logout() method.
This method was the only method that generated a SessionEvent of type SESSION_DESTROYED_EVENT with event data equal to "logout", which used to invalidate all remaining sessions (if any) associated with the SingleSignOn entry.
The code in sessionEvent() that checked the session's last accessed time was intended as a workaround to try to discriminate timeouts from intentional logouts after the logout() method was removed from the spec. It was applied as a fix to bug 9077, which complained about the SSO valve not invalidating related sessions. The CVS logs for SingleSignOn.java revs 1.7 and 1.11 touch on this and there was also some discussion on the dev list last Nov 24. I'm curious as to why this is no longer supported. Could a config parameter be added to the valve to allow this behavior?
_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
