]
Stuart Douglas commented on WFLY-7019:
--------------------------------------
Looks like this was re-introduced by
[11.0.x] Calling HttpServletRequest.logout() with single sign-on
enabled only works every second time
-----------------------------------------------------------------------------------------------------
Key: WFLY-7019
URL:
https://issues.jboss.org/browse/WFLY-7019
Project: WildFly
Issue Type: Bug
Components: Web (Undertow)
Affects Versions: 11.0.0.Alpha1
Reporter: Richard JanÃk
Assignee: Stuart Douglas
This issue has resurfaced with 11.0.0.Alpha1-SNAPSHOT. It has been previously reported
and fixed in 10.1.0.Final.
See "Steps to Reproduce". Logging out from an application only works every
second time, e.g. HttpRequestServlet.logout() has to be called twice in order to have any
effect. This doesn't occur without <single-sign-on/> enabled - logout() has the
expected effect. I'm adding our security team members as watchers.
I'm trying to create a test in the WildFly integration testsuite, but I'm
currently failing ([1]). The test I have written is currently passing. I don't know
why yet, but either the test is bad or there might be something specific about the issue.
The reproducer from JBEAP-1282 still works (in other words, it is failing now that the
issue has appeared again).
[1]:
https://github.com/LittleJohnII/wildfly/blob/sso-logout/testsuite/integra...
see testLogoutWithClusteredSSO