One more thing - As I mentioned earlier, at present the
login/logout
events are, I think, identified with the LoginPrincipal. If
we want to
be able to match login and logout (and session timeout)
events, it might
be important to alternatively or additionally identify these
events with
the session id (which I don't think can be reached through a
LoginPrincipal).
Terry Steichen wrote:
> I'm still learning my way through the new events
structure, so I hope
> I'm not misunderstanding something. I notice that (in
> AuthenticationManager) events are generated at login as
well as at
> logout. I suspect that most users don't use an
explicit logout,
> instead allowing the session to expire via inactivity
timeout. Would
> it be useful to also generate an event (in
SessionMonitor) when a
> session has expired? And related to that, would that
'expired' event
> have enough information in it (LoginPrincipal?) to
match it to the
> corresponding login event?
>
>
> _______________________________________________
> Jspwiki-users mailing list
> Jspwiki-users ecyrd.com
> http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users
>
_______________________________________________
Jspwiki-users mailing list
Jspwiki-usersecyrd.com
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users
|