[seam-issues] [JBoss JIRA] Commented: (JBSEAM-4775) Session invalidated on every request if anemic sessions are used
Lars Huber (JIRA)
jira-events at lists.jboss.org
Thu Feb 3 05:26:39 EST 2011
[ https://issues.jboss.org/browse/JBSEAM-4775?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12579799#comment-12579799 ]
Lars Huber commented on JBSEAM-4775:
------------------------------------
only session.isNew() is not enough. In cases of AuthenticationFilter (see below) for these resteasy services and wrong or missing credentials will never destroy the session. You must know if session must be destroyed right after failing AuthenticationFilter or at least on next call of ResteasyResourceAdapter. This is the case if the session was created for such a resteasy call.
<resteasy:application resource-path-prefix="/restv1" destroy-session-after-request="true"/>
<web:authentication-filter url-pattern="/seam/resource/restv1/*" auth-type="basic" />
> Session invalidated on every request if anemic sessions are used
> ----------------------------------------------------------------
>
> Key: JBSEAM-4775
> URL: https://issues.jboss.org/browse/JBSEAM-4775
> Project: Seam
> Issue Type: Bug
> Components: WS
> Affects Versions: 2.2.1.Final
> Reporter: Jozef Hartinger
> Assignee: Jozef Hartinger
> Priority: Critical
>
> http://seamframework.org/Community/ResteasyDestroySessionAfterRequestSeriousBug#comment148408
> Check if a session isNew() before invalidating it.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list