[jboss-user] [Beginner's Corner] - How does AS7 handle session timeout when using Servlet 3.0 programmatic security

[Patrick Garner]

Patrick Garner [https://community.jboss.org/people/pgarner] created the discussion

"How does AS7 handle session timeout when using Servlet 3.0 programmatic security"

To view the discussion, visit: https://community.jboss.org/message/719741#719741

--------------------------------------------------------------
Regarding Servlet 3.0 programmatic security, when a session times out there is no way to invoke HttpServletRequest#logout().  

Does the user remain logged into JAAS?

If so, what is best practice to handle logging out of JAAS after session times out?  

How does the container handle the user's subsequent request to login again and create a new session after session timeout?

As an aside, what are the pros and cons of using the following three approaches to handle session timeout when using Servlet 3.0 programmatic security:

1. HttpSessionListener#sessionDestroyed()
2. Make the @ManagedBean @SessionScoped LoginManager implement HttpSessionBindingListener and do something in valueUnbound.
3. Annotate a method in @ManagedBean @SessionScoped LoginManager with @PreDestroy.


Any other suggested approaches/ best practices advice would surely be appreciated.
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/719741#719741]

Start a new discussion in Beginner's Corner at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2075]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20120226/ffc19970/attachment.html