[jboss-jira] [JBoss JIRA] (WFLY-5657) HttpServletRequest.changeSessionId() doesn't reassociate session ID with distributed SSO
Paul Ferraro (JIRA)
issues at jboss.org
Wed Nov 11 11:12:00 EST 2015
[ https://issues.jboss.org/browse/WFLY-5657?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Ferraro updated WFLY-5657:
-------------------------------
Summary: HttpServletRequest.changeSessionId() doesn't reassociate session ID with distributed SSO (was: HttpServletRequest.changeSessionId() doesn't invalidate old session ID with distributed SSO)
> HttpServletRequest.changeSessionId() doesn't reassociate session ID with distributed SSO
> ----------------------------------------------------------------------------------------
>
> Key: WFLY-5657
> URL: https://issues.jboss.org/browse/WFLY-5657
> Project: WildFly
> Issue Type: Bug
> Components: Clustering
> Affects Versions: 10.0.0.CR4
> Reporter: Paul Ferraro
> Assignee: Paul Ferraro
>
> The distributed SSO implementation stores a map of sessions using the session ID. If the user changes the session ID, this reference is never changed. Consequently, subsequent calls to SingleSignOn.getSession(SessionManager) will return null.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list