[jboss-jira] [JBoss JIRA] (WFLY-5422) SSO is not destroyed after session timeout period of <distributable/> app.

Stuart Douglas (JIRA) issues at jboss.org
Mon Sep 28 21:04:00 EDT 2015


     [ https://issues.jboss.org/browse/WFLY-5422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stuart Douglas moved UNDERTOW-547 to WFLY-5422:
-----------------------------------------------

              Project: WildFly  (was: Undertow)
                  Key: WFLY-5422  (was: UNDERTOW-547)
          Component/s: Clustering
                       Security
                           (was: Security)
    Affects Version/s: 10.0.0.CR2
                           (was: 1.3.0.CR1)


> SSO is not destroyed after session timeout period of <distributable/> app.
> --------------------------------------------------------------------------
>
>                 Key: WFLY-5422
>                 URL: https://issues.jboss.org/browse/WFLY-5422
>             Project: WildFly
>          Issue Type: Bug
>          Components: Clustering, Security
>    Affects Versions: 10.0.0.CR2
>            Reporter: Martin Choma
>            Assignee: Stuart Douglas
>            Priority: Critical
>
> Using a <distributable/> application causes the SSO not to be destroyed after the session timeout period. Based on [1], there is still an active session, which is probably the cause of the SSO not being destroyed.
> A similar setting in EAP6 requires the user to log in after the session timeout period.
> Setting priority to critical because of a regression with security impacts.
> [1]
> [standalone@localhost:9990 /] /deployment=secured-webapp.war/subsystem=undertow:read-attribute(name=active-sessions)
> {
>     "outcome" => "success",
>     "result" => 0
> }
> [2]
> [standalone@localhost:9990 /] /deployment=secured-webapp.war/subsystem=undertow:read-attribute(name=active-sessions)
> {
>     "outcome" => "success",
>     "result" => 1
> }



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

