[jboss-jira] [JBoss JIRA] Created: (JBPORTAL-2030) Portal session expiration should invalidate portlet webapps sessions
Boleslaw Dawidowicz (JIRA)
jira-events at lists.jboss.org
Mon May 26 10:06:42 EDT 2008
Portal session expiration should invalidate portlet webapps sessions
--------------------------------------------------------------------
Key: JBPORTAL-2030
URL: http://jira.jboss.com/jira/browse/JBPORTAL-2030
Project: JBoss Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Portal Core
Affects Versions: 2.6.5 SP1
Reporter: Boleslaw Dawidowicz
Fix For: 2.7 Final
Currently when portal session expires and after page refresh user logs in with different credentials portlet session can last and contain outdated data. Good example of such behavior is this case : http://jira.jboss.com/jira/browse/JBPORTAL-2025.
Current workaround is to set session-timeout that matches portal servlet one in all portlet web application.
Proper solution could be an interceptor that would track session id around request dispatch and invalidate it if needed.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list