[jboss-jira] [JBoss JIRA] (WFLY-5932) Invalidating a session of an SSO on a different node than where the session was created does not logout the user

Stuart Douglas (JIRA) issues at jboss.org
Tue Jan 26 18:44:00 EST 2016 

    [ https://issues.jboss.org/browse/WFLY-5932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13154148#comment-13154148 ] 

Stuart Douglas commented on WFLY-5932:
--------------------------------------

I think this should fix the problem: https://github.com/undertow-io/undertow/compare/master...stuartwdouglas:sso-fix?expand=1

Unfortunately I am having trouble getting a reproducer to work. [~rjanik] would you be able to see if this commit fixes it?

> Invalidating a session of an SSO on a different node than where the session was created does not logout the user
> ----------------------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-5932
>                 URL: https://issues.jboss.org/browse/WFLY-5932
>             Project: WildFly
>          Issue Type: Bug
>          Components: Web (Undertow)
>    Affects Versions: 10.0.0.CR5
>            Reporter: Richard Janík
>            Assignee: Stuart Douglas
>            Priority: Blocker
>
> See steps to reproduce for description. Additional scenario with a failover where we don't need to authenticate with the last request (but where we should be required to authenticate):
> * Access A1, authenticate, fail A1 (e.g. shutdown the server), access A2, invalidate session on A2, access A2
> Scenarios where the SSO context is destroyed (where we need to authenticate with the last request as expected):
> * Access A1, authenticate, invalidate session on A1, access A1
> * Access A1, authenticate, access A2, invalidate session on A1, access A1
> Possibly related to JBEAP-1228, JBEAP-1282. Note that we always only have a single session bound to an SSO. I'm not flagging this as a blocker, since the issue usually doesn't manifest thanks to sticky sessions on a load balancer.



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jboss-jira mailing list