Details

    • Type: New Feature New Feature
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Duplicate
    • Labels:
      None

      Description

      Servlet 3.0 introduced the HttpServletRequest#logout method.

      Invoking this method does not seem to cause any method on a configured auth module to be invoked. This makes it impossible for an auth module to fully manage the authentication session. A specific use case is the implementation of a "remember me" functionality. For this the auth module can e.g. insert a cookie into the response after a successful initial authentication. This cookie should then live beyond a session expiration, but has to be removed when a user explicitly log outs.

      Without the auth module being notified of such an explicit logout invocation, there is no opportunity to remove said cookie.

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            arjan tijms
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: