[jboss-jira] [JBoss JIRA] Created: (JBAS-5609) ClusteredSingleSignOn cannot handle cross-context apps with same session id
Brian Stansberry (JIRA)
jira-events at lists.jboss.org
Mon Jun 9 17:05:48 EDT 2008
ClusteredSingleSignOn cannot handle cross-context apps with same session id
---------------------------------------------------------------------------
Key: JBAS-5609
URL: http://jira.jboss.com/jira/browse/JBAS-5609
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Clustering, Web (Tomcat) service
Affects Versions: JBossAS-5.0.0.Beta4, JBossAS-4.2.2.GA, JBossAS-4.2.1.GA, JBossAS-4.2.0.GA, JBossAS-4.0.5.GA
Reporter: Brian Stansberry
Assigned To: Brian Stansberry
Fix For: JBossAS-5.0.0.CR2
The representation of a session in an SSO in the clustered cache is done with a simple data object that encapsulates the session id and the address of the node where the session was active. This doesn't properly handle the case where multiple sessions using the same session id but with different webapps are associated with the SSO. This kind of thing is common due to the use of the emptySessionPath="true" flag on the connectors in server.xml.
A fix will involve storing the hostname and the context path along with the session id.
Note that the 4.x branch TreeCacheSSOClusterManager.SessionAddress class cannot have its serialization characteristics changed, so the hostname/context path will need to be prepended to the existing sessionId field.
In AS 5 this information now forms part of a JBC FQN, so the fix will be a bit different.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
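An added illustration, not code from JBoss AS or from the reporter: a simplified model of the collision described in the report, and of the 4.x-style approach of prepending hostname and context path to the session id field. The class and method names, the `|` separator and the sample values are assumptions; records require Java 16 or later.

```java
import java.util.HashSet;
import java.util.Set;

public class SsoSessionKeyDemo {

    // Simplified model (hypothetical) of the entry the report describes:
    // only the session id and the address of the node owning the session.
    record SessionAddress(String sessionId, String nodeAddress) {}

    // Model of the 4.x constraint: the two fields stay as they are, and
    // hostname and context path are prepended to the sessionId value.
    // The "host|contextPath|id" layout is an assumption for this example.
    static SessionAddress qualified(String host, String contextPath,
                                    String sessionId, String node) {
        return new SessionAddress(host + "|" + contextPath + "|" + sessionId, node);
    }

    // Registers one session per webapp under a single SSO and returns how
    // many distinct sessions the SSO ends up tracking.
    static int trackedSessions(boolean qualify) {
        Set<SessionAddress> ssoSessions = new HashSet<>();
        String id = "A1B2C3D4";          // constructed id, shared by both webapps
        String node = "192.0.2.10:7800"; // constructed node address
        String host = "localhost";
        for (String contextPath : new String[] {"/shop", "/account"}) {
            ssoSessions.add(qualify
                    ? qualified(host, contextPath, id, node)
                    : new SessionAddress(id, node));
        }
        return ssoSessions.size();
    }

    public static void main(String[] args) {
        // With id + node only, the second webapp's entry equals the first,
        // so the SSO loses track of one of the two sessions.
        System.out.println("id + node only:         " + trackedSessions(false));
        // With host and context path in the key, both sessions stay distinct.
        System.out.println("host/context prepended: " + trackedSessions(true));
    }
}
```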