SEC-1554: Logout event should be fired #1795

Closed
spring-issuemaster opened this Issue Sep 2, 2010 · 3 comments

1 participant

@spring-issuemaster

Alex (Migrated from SEC-1554) said:

I'm using a listener for InteractiveAuthenticationSuccessEvent to handle application logic to do when the user logs in (e.g.: increment his logins), and it would be great to have an equivalent event on logout, for example a InteractiveAuthenticationLogoutEvent.

Now the solution is a little cumbersome and includes developing a custom logoutfilter

@spring-issuemaster

Luke Taylor said:

Can you explain the actual use case, please? In most cases a SessionDestroyedEvent would be used since it is more reliable, covering both logouts and the situation where the user forgets to logout and the session expires.

@spring-issuemaster

Alex said:

Actually that was exactly what I was looking for, I made a lot of research but I was unable to find any mention of it, even now that I know his existence I'm unable to find a complete example on the web.

Please accept my apology and close the bug as invalid.

@spring-issuemaster

Luke Taylor said:

The basic functionality is provided by the servlet spec - you can add a listener in your web.xml which will allow you to detect sesson-related events. Spring Security has a class called HttpSessionEventPublisher which translates these events into ApplicationContext events.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M2 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment