[jboss-jira] [JBoss JIRA] (WFLY-5422) SSO is not destroyed after session timeout period of <distributable/> app.
Juliano Carlos da Silva (JIRA)
issues at jboss.org
Mon Jun 6 09:10:00 EDT 2016
[ https://issues.jboss.org/browse/WFLY-5422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13248290#comment-13248290 ]
Juliano Carlos da Silva commented on WFLY-5422:
-----------------------------------------------
For me this still happens on 10.0.0-Final
when I use mod_cluster + domain;
the session timeout does not trigger.
> SSO is not destroyed after session timeout period of <distributable/> app.
> --------------------------------------------------------------------------
>
> Key: WFLY-5422
> URL: https://issues.jboss.org/browse/WFLY-5422
> Project: WildFly
> Issue Type: Bug
> Components: Clustering, Security
> Affects Versions: 10.0.0.CR2
> Reporter: Martin Choma
> Assignee: Paul Ferraro
> Priority: Critical
> Fix For: 10.0.0.CR5
>
>
> Using a <distributable/> application causes the SSO not to be destroyed after the session timeout period. Based on [1], there is still an active session, which is probably the reason that the SSO is not destroyed.
> A similar setting in EAP6 requires the user to log in after the session timeout period.
> Setting priority to critical because of a regression with security impacts.
> [1]
> [standalone at localhost:9990 /] /deployment=secured-webapp.war/subsystem=undertow:read-attribute(name=active-sessions)
> {
> "outcome" => "success",
> "result" => 0
> }
> [2]
> [standalone at localhost:9990 /] /deployment=secured-webapp.war/subsystem=undertow:read-attribute(name=active-sessions)
> {
> "outcome" => "success",
> "result" => 1
> }
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)