]
Stuart Douglas moved UNDERTOW-547 to WFLY-5422:
-----------------------------------------------
Project: WildFly (was: Undertow)
Key: WFLY-5422 (was: UNDERTOW-547)
Component/s: Clustering
Security
(was: Security)
Affects Version/s: 10.0.0.CR2
(was: 1.3.0.CR1)
SSO is not destroyed after session timeout period of
<distributable/> app.
--------------------------------------------------------------------------
Key: WFLY-5422
URL:
https://issues.jboss.org/browse/WFLY-5422
Project: WildFly
Issue Type: Bug
Components: Clustering, Security
Affects Versions: 10.0.0.CR2
Reporter: Martin Choma
Assignee: Stuart Douglas
Priority: Critical
Using <distributable/> application cause SSO doesnt destroy after session timeout
period. Base on [1], there is still active session, what is probably cause that SSO is not
destroyed.
Setting similar in EAP6 requires user to login after session timeout period.
Setting priority to critical because of regression with security impacts.
[1]
[standalone@localhost:9990 /]
/deployment=secured-webapp.war/subsystem=undertow:read-attribute(name=active-sessions)
{
"outcome" => "success",
"result" => 0
}
[2]
[standalone@localhost:9990 /]
/deployment=secured-webapp.war/subsystem=undertow:read-attribute(name=active-sessions)
{
"outcome" => "success",
"result" => 1
}