Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Labels:
      None

      Description

      Servlet 3.0 introduced the HttpServletRequest#logout method.

      Invoking this method does not seem to cause any method on a configured auth module to be invoked. This makes it impossible for an auth module to fully manage the authentication session. A specific use case is the implementation of a "remember me" functionality. For this the auth module can e.g. insert a cookie into the response after a successful initial authentication. This cookie should then live beyond a session expiration, but has to be removed when a user explicitly logs out.

      Without the auth module being notified of such an explicit logout invocation, there is no opportunity to remove said cookie.

        Activity

        arjan tijms added a comment -

        After investigating what the most well-known implementations (JBoss, GlassFish, Geronimo, WebLogic and WebSphere) do, it appears that in none of them does HttpServletRequest#logout cause any method on a SAM to be invoked, except for Geronimo. In Geronimo, calling logout() causes cleanSubject() on the SAM to be invoked.

        p.s. JASPIC_SPEC-4 also mentions logout.

        monzillo added a comment -

        this issue will be addressed under issue 4

        monzillo added a comment - http://java.net/jira/browse/JASPIC_SPEC-4
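
The "remember me" use case from the description, sketched as an added example (not code from the reporter or from any container). It assumes the container calls cleanSubject() on HttpServletRequest#logout, as the comment above reports for Geronimo, and passes the current request and response in MessageInfo. The class name, cookie name, in-memory token store and the remember() helper are hypothetical.

```java
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.message.*;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.http.*;

public class RememberMeSam implements ServerAuthModule {
    static final String COOKIE = "rememberme"; // hypothetical cookie name
    static final Map<String, String> TOKENS = new ConcurrentHashMap<>(); // token -> user (demo store)
    private CallbackHandler handler;

    public void initialize(MessagePolicy rq, MessagePolicy rs, CallbackHandler h, Map opts) { handler = h; }
    public Class[] getSupportedMessageTypes() { return new Class[] { HttpServletRequest.class, HttpServletResponse.class }; }
    public AuthStatus secureResponse(MessageInfo mi, Subject service) { return AuthStatus.SEND_SUCCESS; }

    // The login step calls this after a successful initial authentication (assumed, not shown).
    static void remember(HttpServletResponse res, String user) {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        TOKENS.put(token, user);
        res.addCookie(cookie(token, 14 * 24 * 3600)); // outlives the HTTP session
    }

    public AuthStatus validateRequest(MessageInfo mi, Subject client, Subject service) throws AuthException {
        String token = tokenOf((HttpServletRequest) mi.getRequestMessage());
        String user = token == null ? null : TOKENS.get(token); // null name = unauthenticated caller
        try { handler.handle(new Callback[] { new CallerPrincipalCallback(client, user) }); }
        catch (Exception e) { throw (AuthException) new AuthException("callback failed").initCause(e); }
        return AuthStatus.SUCCESS;
    }

    // Runs only if the container invokes it on logout(); without that call the cookie survives.
    public void cleanSubject(MessageInfo mi, Subject subject) throws AuthException {
        String token = tokenOf((HttpServletRequest) mi.getRequestMessage());
        if (token != null) TOKENS.remove(token); // revoke server-side so a copied cookie is useless
        ((HttpServletResponse) mi.getResponseMessage()).addCookie(cookie("", 0)); // Max-Age 0 removes it
        if (subject != null) subject.getPrincipals().clear();
    }
    private static String tokenOf(HttpServletRequest req) {
        if (req.getCookies() != null) for (Cookie c : req.getCookies()) if (COOKIE.equals(c.getName())) return c.getValue();
        return null;
    }
    private static Cookie cookie(String value, int maxAge) {
        Cookie c = new Cookie(COOKIE, value);
        c.setPath("/"); c.setHttpOnly(true); c.setSecure(true); c.setMaxAge(maxAge);
        return c;
    }
}
```

On a container that does not call cleanSubject() from logout(), the application has to delete the token and the cookie itself in the same request that calls logout().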

          People

          • Assignee:
            Unassigned
            Reporter:
            arjan tijms
          • Votes:
            0
            Watchers:
            0

            Dates

            • Created:
              Updated:
              Resolved: