[jboss-jira] [JBoss JIRA] (WFLY-3617) multiple jsessionids at every path for rootcontext application

Ochieng Marembo (JIRA) issues at jboss.org
Fri Jul 11 16:25:24 EDT 2014


Ochieng Marembo created WFLY-3617:
-------------------------------------

             Summary: multiple jsessionids at every path for rootcontext application
                 Key: WFLY-3617
                 URL: https://issues.jboss.org/browse/WFLY-3617
             Project: WildFly
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Web (Undertow)
    Affects Versions: 8.1.0.Final
         Environment: redhat linux, openjdk1.7.0.55, Wildfly 8.1.0.Final
            Reporter: Ochieng Marembo
            Assignee: Stuart Douglas


3 Tested Scenarios:

1. Deploy war at / with no added path
2. Deploy war at /war1 with no paths or added paths
3. Deploy war at / with several paths

Since the first war has no other navigation path, there is only one jsessionid at root /

For the second war, there are two jsessions, regardless of path: at root / and at contextpath /war1

The final scenario is the worst. There are jsessionid cookies at every navigable path of the application: at root /, at /path1, at /path1/path2, etc.

Every path therefore has a session id, and if you log in at /account and require login to access /account/dashboard, it is impossible to navigate to your /account/dashboard, as the application receives a different sessionid and hence you are redirected (based on application logic) to the login page at /account/signin.xhtml, which now shows that you are logged in (due to the jsessionid at /account being used during the login process).

This issue occurs whether I deploy the wars independently or packaged in an ear archive,
on separate hosts or on the default host.



--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
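The navigation failure described in the report can be reproduced with a small cookie-jar simulation. This is an added example, not code from the reporter or from WildFly/Undertow: it implements RFC 6265 path matching and cookie ordering (longer paths first) and assumes, as a simplification, that the container reads the first JSESSIONID in the Cookie header. The cookie values and paths are constructed.

```python
from dataclasses import dataclass


@dataclass
class Cookie:
    name: str
    value: str
    path: str


def path_matches(cookie_path: str, request_path: str) -> bool:
    """RFC 6265 section 5.1.4 path-match: exact, or prefix ending at a '/'."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def cookie_header(jar, request_path):
    """Cookies a browser would send for request_path, longer paths first (RFC 6265 5.4)."""
    matching = [c for c in jar if path_matches(c.path, request_path)]
    matching.sort(key=lambda c: len(c.path), reverse=True)
    return [(c.name, c.value) for c in matching]


def server_session_id(jar, request_path):
    """Assumption: the container uses the first JSESSIONID it sees in the header."""
    for name, value in cookie_header(jar, request_path):
        if name == "JSESSIONID":
            return value
    return None


# Constructed jar reproducing the report: one JSESSIONID per navigated path.
# "A" is the session that was authenticated at /account.
BUGGY_JAR = [
    Cookie("JSESSIONID", "R", "/"),
    Cookie("JSESSIONID", "A", "/account"),
    Cookie("JSESSIONID", "B", "/account/dashboard"),
]

# Expected behaviour: a single cookie scoped to the context root.
FIXED_JAR = [Cookie("JSESSIONID", "A", "/")]


def sessions_seen(jar):
    """Which session id the server sees at each path the reporter mentions."""
    paths = ["/", "/account", "/account/dashboard", "/account/signin.xhtml"]
    return {p: server_session_id(jar, p) for p in paths}
```

With BUGGY_JAR the server sees session "B" at /account/dashboard but "A" at /account/signin.xhtml, which is exactly the "redirected to login yet already logged in" loop; with FIXED_JAR every path sees "A".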

