[jboss-jira] [JBoss JIRA] (WFLY-5473) Session.invalidate() does not invalidate SSO context for non-distributable applications
Paul Ferraro (JIRA)
issues at jboss.org
Thu Jan 7 11:59:00 EST 2016
[ https://issues.jboss.org/browse/WFLY-5473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13145950#comment-13145950 ]
Paul Ferraro commented on WFLY-5473:
------------------------------------
My suspicion is that there is a bug in undertow's security context implementation causing both this issue and WFLY-5484 - as it appears that the initial logout is not correctly triggering the requisite SecurityNotification(LOGGED_OUT).
> Session.invalidate() does not invalidate SSO context for non-distributable applications
> ---------------------------------------------------------------------------------------
>
> Key: WFLY-5473
> URL: https://issues.jboss.org/browse/WFLY-5473
> Project: WildFly
> Issue Type: Bug
> Components: Clustering, Web (Undertow)
> Reporter: Richard Janík
> Assignee: Paul Ferraro
> Priority: Blocker
> Fix For: 10.0.0.Final
>
> Attachments: reproducer.zip
>
>
> See "Steps to Reproduce" for detailed description.
> According to my limited knowledge, this was also the core issue in https://bugzilla.redhat.com/show_bug.cgi?id=924456 which has been dispatched as a one-off to a customer. Thus, I'm setting the priority to blocker as this is a regression against 6.4.x. No exceptions have been observed in the server output however.
> Adding Clustering component as I've been trying this with standalone-ha.xml and BZ 924456 relates to clustering.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list