You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "Alex Parvulescu (JIRA)" <ji...@apache.org> on 2015/05/15 08:55:00 UTC

[jira] [Commented] (OAK-2872) ExternalLoginModule should clear state when login was not successful

    [ https://issues.apache.org/jira/browse/OAK-2872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14545044#comment-14545044 ] 

Alex Parvulescu commented on OAK-2872:
--------------------------------------

Linking to OAK-2849, [~mduerig] this might be another area of SNFEs.

> ExternalLoginModule should clear state when login was not successful
> --------------------------------------------------------------------
>
>                 Key: OAK-2872
>                 URL: https://issues.apache.org/jira/browse/OAK-2872
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: auth-external
>            Reporter: Alex Parvulescu
>            Assignee: Alex Parvulescu
>             Fix For: 1.3.0
>
>
> As discussed in [1], it looks like the ExternalLoginModule ignores cleaning up its internal state when login was not successful.
> What I assume happens next is the old session (probably the initial one created on the very first login call) would be reused throughout the module's lifetime, which would in the end result in the SNFEs post compaction.
> [1] http://markmail.org/thread/pcmlz74ngxl7sqfy



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)