Interface LoggedOutSessionStore
- All Known Implementing Classes:
InMemoryLoggedOutSessionStore
SessionID values of sessions logged out with the OpenID Connect Back-Channel
Logout protocol through the BackchannelLogoutServlet.
Those sessions will be invalidated by the UserFilter when a corresponding HttpSession is being used, and once destroyed the BackchannelLogoutSessionListener is responsible for notifying this store so the
SessionID can be forgotten (to prevent the store growing indefinitely).
Implementations could also directly invalidate the session if possible, rather than only
marking it as logged out to later be invalidated by the UserFilter. In this case, the
BackchannelLogoutSessionListener might not be necessary.
- See Also:
-
Field Summary
Fields -
Method Summary
Modifier and TypeMethodDescriptionvoidForgets about the given session ID.booleanisLoggedOut(SessionID sessionID) Returns whether the given session ID has been logged out.voidRecords the given session ID as having been logged out at the OpenID Provider.
-
Field Details
-
CONTEXT_ATTRIBUTE_NAME
-
-
Method Details
-
logout
Records the given session ID as having been logged out at the OpenID Provider.Implementations could also directly invalidate the session if possible, rather than only marking it as logged out to later be invalidated by the
UserFilter. In this case, theBackchannelLogoutSessionListenermight not be necessary.- See Also:
-
isLoggedOut
Returns whether the given session ID has been logged out.- See Also:
-
forget
Forgets about the given session ID.This method should be called when the corresponding
HttpSessionhas been destroyed, to release memory.- See Also:
-