[
https://issues.jboss.org/browse/WFLY-5484?page=com.atlassian.jira.plugin....
]
Paul Ferraro commented on WFLY-5484:
------------------------------------
[~rjanik] I've looked at the reproducer, but I fail to see where ?logout=true is
handled anywhere in the requested servlet. (I'm assuming this uses this application:
https://github.com/clusterbench/clusterbench/blob/master/clusterbench-com...)
As far as I can tell, the only request parameters being handled are:
* readonly (for read-only requests)
* invalidate (for session invalidation)
I see no code that performs a HttpServletRequest.logout(). If I am mistaken, please post
the source.
Calling HttpServletRequest.logout() with single sign-on enabled only works every second time
--------------------------------------------------------------------------------------------
Key: WFLY-5484
URL: https://issues.jboss.org/browse/WFLY-5484
Project: WildFly
Issue Type: Bug
Components: Clustering, Web (Undertow)
Reporter: Richard Janík
Assignee: Paul Ferraro
Priority: Blocker
Fix For: 10.0.0.CR5
Attachments: reproducer-jbeap-1282.zip
See "Steps to Reproduce". Logging out from an application only works every
second time, e.g. HttpRequestServlet.logout() has to be called twice in order to have any
effect.
This doesn't occur without <single-sign-on/> enabled - logout() has the
expected effect. The issue is security related, thus I'm adding our security team
members as watchers.