You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/03/10 16:10:59 UTC

svn commit: r1734420 - in /tomcat/trunk: java/org/apache/catalina/authenticator/SingleSignOn.java webapps/docs/changelog.xml

Author: markt
Date: Thu Mar 10 15:10:56 2016
New Revision: 1734420

URL: http://svn.apache.org/viewvc?rev=1734420&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59145
Don't log an invalid warning when a user logs out of a session associated with SSO.

Modified:
    tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java?rev=1734420&r1=1734419&r2=1734420&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java (original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/SingleSignOn.java Thu Mar 10 15:10:56 2016
@@ -329,7 +329,16 @@ public class SingleSignOn extends ValveB
                 containerLog.debug(sm.getString("singleSignOn.debug.sessionLogout",
                         ssoId, session));
             }
-            deregister(ssoId);
+            // First remove the session that we know has expired / been logged
+            // out since it has already been removed from its Manager and, if
+            // we don't remove it first, deregister() will log a warning that it
+            // can't be found
+            removeSession(ssoId, session);
+            // If the SSO session was only associated with one web app the call
+            // above will have removed the SSO session from the cache
+            if (cache.containsKey(ssoId)) {
+                deregister(ssoId);
+            }
         }
     }
 

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1734420&r1=1734419&r2=1734420&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Thu Mar 10 15:10:56 2016
@@ -176,6 +176,10 @@
         Patch provided by Mikko Tiihonen. (markt)
       </add>
       <fix>
+        <bug>59145</bug>: Don't log an invalid warning when a user logs out of
+        a session associated with SSO. (markt)
+      </fix>
+      <fix>
         <bug>59151</bug>: Fix a regression in the fix for <bug>56917</bug> that
         added additional (and arguably unnecessary) validation to the provided
         redirect location. (markt)



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org