Support for HttpServletRequest#logout
-------------------------------------
Key: JASPIC_SPEC-6
URL:
http://java.net/jira/browse/JASPIC_SPEC-6
Project: jaspic-spec
Issue Type: New Feature
Reporter: arjan tijms
Servlet 3.0 introduced the [HttpServletRequest#logout|
http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#logout()] method.
Invoking this method does not seem to cause any method on a configured auth module to be invoked. This makes it impossible for an auth module to fully manage the authentication session. A specific use case is the implementation of a "remember me" functionality. For this the auth module can e.g. insert a cookie into the response after a successful initial authentication. This cookie should then live beyond a session expiration, but has to be removed when a user explicitly log outs.
Without the auth module being notified of such an explicit logout invocation, there is no opportunity to remove said cookie.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://java.net/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira