On 6/30/2015 8:23 AM, Stan Silvert wrote:
On 6/29/2015 8:34 PM, Bill Burke wrote:
>
> On 6/29/2015 5:39 PM, Stan Silvert wrote:
>> On 6/29/2015 5:26 PM, Bill Burke wrote:
>>> We do need some way to listen at the adapter level for a logout event
>>> sent by the auth server. Undertow and Tomcat and Jetty all have ways to
>>> listen for session invalidation events I believe too. Not sure if the
>>> servlet spec has something standard.
>> Yes, the servlet spec has HttpSessionListener with a sessionDestroyed()
>> callback.
>>
>> We could come up with some javascript that you put on the client side
>> that registers with the adapter and gets notified of session
>> invalidation. I'm just wondering if it's something we should provide or
>> not.
> Javascript adapter already checks for logout.
>
What would you suggest for apps that use the other adapters?
They should use regular servlet means to timeout the session.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com