[jboss-jira] [JBoss JIRA] Commented: (JBPORTAL-1488) Session Invalidation issue when Tomcat SSO is turned on
Sylvain FRANCOIS (JIRA)
jira-events at lists.jboss.org
Thu Apr 3 08:20:29 EDT 2008
[ http://jira.jboss.com/jira/browse/JBPORTAL-1488?page=comments#action_12406846 ]
Sylvain FRANCOIS commented on JBPORTAL-1488:
--------------------------------------------
Hum :-)...
The fix depends on exception message ("invalidate: Session already invalidated"), which is incorrect since it depends on locale.
IMHO, you should check session using {req.isRequestedSessionIdValid()}
> Session Invalidation issue when Tomcat SSO is turned on
> -------------------------------------------------------
>
> Key: JBPORTAL-1488
> URL: http://jira.jboss.com/jira/browse/JBPORTAL-1488
> Project: JBoss Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Portal Server
> Affects Versions: 2.4.1 SP1, 2.6.CR2
> Reporter: Sohil Shah
> Assigned To: Sohil Shah
> Priority: Minor
> Fix For: 2.6 CR3, 2.4.2 Final
>
>
> It turns out that when Tomcat SSO is turned on, when a user's session is invalidated,
> as the portal server iterates through all the active war sessions and invalidates them, the main portal session is invalidated as well.
> The code calls session.invalidate on the main portal session after that and gets and IllegalStateException because the session is already invalidated.
> This exception needs to be handled smoothly so that user does not see a failure upon logout
> Note: This issue surfaces only when Tomcat SSO is actiavted.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list