The servlet 2.4 spec adds a new method, "HttpSession.logout()". How do we implement this?

For the non-single signon case, "logout()" is identical to "invalidate()".

For single signon, Tomcat currently uses a "single signon valve" which listens for "Session Destroy" events. When a "Session Destroy" happens, all sessions are removed. A "Session Destroy" happens now when either invalidate() or logout() happens. For logout, everything is fine; for invalidate(), only the session for the current web app should be removed.

So, when a session logout() or invalidate() is called, what should happen? A "Session Destroy" with extra data indicating a logout or invalidate occurred? Or should a new session event be created to indicate a "logout" is happening?

Comments/ideas?

Cheers,
-bob
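The first option raised in the message above (a single "Session Destroy" event that carries the reason) can be modelled as follows. This is an added example, not part of the original post and not Tomcat code; `SsoRegistry`, `Session`, `Reason` and the sample session ids are hypothetical names constructed for illustration.

```java
import java.util.*;

// Hypothetical model, not Tomcat classes: one destroy event that carries a reason.
public class SsoDestroyDemo {
    enum Reason { INVALIDATE, LOGOUT }

    // Constructed stand-in for a per-web-app session tied to an SSO identity.
    static final class Session {
        final String id, webApp, ssoId;
        boolean valid = true;
        Session(String id, String webApp, String ssoId) {
            this.id = id; this.webApp = webApp; this.ssoId = ssoId;
        }
    }

    // Plays the role of the single signon valve: tracks sessions per SSO identity.
    static final class SsoRegistry {
        private final Map<String, Set<Session>> bySso = new HashMap<>();

        void register(Session s) {
            bySso.computeIfAbsent(s.ssoId, k -> new LinkedHashSet<>()).add(s);
        }

        // Called for every session destroy event; the reason decides the scope.
        void sessionDestroyed(Session source, Reason reason) {
            source.valid = false;
            Set<Session> linked = bySso.get(source.ssoId);
            if (linked == null) return;
            if (reason == Reason.LOGOUT) {
                // Logout ends the whole sign-on: expire sessions in every web app.
                for (Session s : linked) s.valid = false;
                bySso.remove(source.ssoId);
            } else {
                // Invalidate only detaches the current web app's session.
                linked.remove(source);
                if (linked.isEmpty()) bySso.remove(source.ssoId);
            }
        }
    }

    public static void main(String[] args) {
        SsoRegistry reg = new SsoRegistry();
        Session shop = new Session("A1", "/shop", "sso-1");   // constructed sample data
        Session admin = new Session("B1", "/admin", "sso-1");
        reg.register(shop); reg.register(admin);
        reg.sessionDestroyed(shop, Reason.INVALIDATE);
        System.out.println("after invalidate: shop=" + shop.valid + " admin=" + admin.valid);
        reg.sessionDestroyed(admin, Reason.LOGOUT);
        System.out.println("after logout: shop=" + shop.valid + " admin=" + admin.valid);
    }
}
```

The scoping matters in both directions: treating invalidate() as logout ends sessions in unrelated web apps, while treating logout as invalidate leaves authenticated sessions alive after the user believes they have signed out.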