]
Juliano Carlos da Silva commented on WFLY-5422:
-----------------------------------------------
For me this still happen on 10.0.0-Final
when i use mod_cluster + domain
the session timeout does not trigger.
SSO is not destroyed after session timeout period of
<distributable/> app.
--------------------------------------------------------------------------
Key: WFLY-5422
URL:
https://issues.jboss.org/browse/WFLY-5422
Project: WildFly
Issue Type: Bug
Components: Clustering, Security
Affects Versions: 10.0.0.CR2
Reporter: Martin Choma
Assignee: Paul Ferraro
Priority: Critical
Fix For: 10.0.0.CR5
Using <distributable/> application cause SSO doesnt destroy after session timeout
period. Base on [1], there is still active session, what is probably cause that SSO is not
destroyed.
Setting similar in EAP6 requires user to login after session timeout period.
Setting priority to critical because of regression with security impacts.
[1]
[standalone@localhost:9990 /]
/deployment=secured-webapp.war/subsystem=undertow:read-attribute(name=active-sessions)
{
"outcome" => "success",
"result" => 0
}
[2]
[standalone@localhost:9990 /]
/deployment=secured-webapp.war/subsystem=undertow:read-attribute(name=active-sessions)
{
"outcome" => "success",
"result" => 1
}