[jboss-jira] [JBoss JIRA] (WFLY-5473) Session.invalidate() does not invalidate SSO context for non-distributable applications
Richard Janík (JIRA)
issues at jboss.org
Mon Oct 5 06:52:00 EDT 2015
[ https://issues.jboss.org/browse/WFLY-5473?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard Janík updated WFLY-5473:
--------------------------------
Steps to Reproduce:
- two servers with non-distributable application (requires FORM authentication, user added) and <single-sign-on/> set up
- create a few requests to both servers, you'll be required to authenticate for the first request
- you should now have at least two sessions with the same SSO context
- invalidate one of those sessions by calling session.invalidate()
- what happens: another request to either of the servers won't require you to authenticate
- what's expected: you should be required to authenticate again (SSO context should be destroyed) - this happens when the application is <distributable/>
> Session.invalidate() does not invalidate SSO context for non-distributable applications
> ---------------------------------------------------------------------------------------
>
> Key: WFLY-5473
> URL: https://issues.jboss.org/browse/WFLY-5473
> Project: WildFly
> Issue Type: Bug
> Components: Clustering, Web (Undertow)
> Reporter: Richard Janík
> Assignee: Stuart Douglas
> Priority: Blocker
>
> See "Steps to Reproduce" for detailed description.
> According to my limited knowledge, this was also the core issue in https://bugzilla.redhat.com/show_bug.cgi?id=924456 which has been dispatched as a one-off to a customer. Thus, I'm setting the priority to blocker as this is a regression against 6.4.x. No exceptions have been observed in the server output however.
> Adding Clustering component as I've been trying this with standalone-ha.xml and BZ 924456 relates to clustering.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
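
The scenario from "Steps to Reproduce", as an added example that is not part of the original message and is not WildFly or Undertow code: a small Python model of two servers sharing one SSO registry, comparing the expected behaviour (invalidating one session destroys the SSO context) with the reported one. All class and function names are hypothetical, and the shared registry is a simplification assumed for illustration.

```python
# Constructed model of the scenario in "Steps to Reproduce"; not WildFly/Undertow code.
# All class and method names here are hypothetical.
import secrets


class SsoRegistry:
    """Shared SSO store: SSO cookie value -> user and the sessions created under it."""

    def __init__(self):
        self.entries = {}

    def login(self, user):
        sso_id = secrets.token_hex(8)
        self.entries[sso_id] = {"user": user, "sessions": set()}
        return sso_id

    def destroy(self, sso_id):
        # Remove the SSO entry and every session that was created under it.
        entry = self.entries.pop(sso_id, None)
        for server, session_id in (entry["sessions"] if entry else ()):
            server.sessions.pop(session_id, None)


class Server:
    def __init__(self, registry, cascade):
        self.registry, self.cascade, self.sessions = registry, cascade, {}

    def request(self, sso_id):
        """Return a new session id, or None when the client must authenticate."""
        entry = self.registry.entries.get(sso_id)
        if entry is None:
            return None
        session_id = secrets.token_hex(8)
        self.sessions[session_id] = sso_id
        entry["sessions"].add((self, session_id))
        return session_id

    def invalidate(self, session_id):
        sso_id = self.sessions.pop(session_id)
        if self.cascade:  # expected: invalidating one session ends the SSO context
            self.registry.destroy(sso_id)


def reauth_required_after_invalidate(cascade):
    """Run the reported steps; return (re-auth needed per server, other session alive)."""
    registry = SsoRegistry()
    a, b = Server(registry, cascade), Server(registry, cascade)
    sso_id = registry.login("user1")            # first request: FORM login
    sid_a, sid_b = a.request(sso_id), b.request(sso_id)
    a.invalidate(sid_a)                         # session.invalidate() on one server
    return [srv.request(sso_id) is None for srv in (a, b)], sid_b in b.sessions
```

With `cascade=True` both servers demand a fresh login and the second server's session is gone; with `cascade=False` the SSO cookie still resolves on both servers, which is the behaviour the report describes.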