You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "David Jencks (JIRA)" <ji...@apache.org> on 2010/12/21 09:48:01 UTC
[jira] Commented: (GERONIMO-5738) The value of
HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after
HttpServletRequest.logout() invokes
[ https://issues.apache.org/jira/browse/GERONIMO-5738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12973516#action_12973516 ]
David Jencks commented on GERONIMO-5738:
----------------------------------------
Is this with tomcat, jetty, or both?
> The value of HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after HttpServletRequest.logout() invokes
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: GERONIMO-5738
> URL: https://issues.apache.org/jira/browse/GERONIMO-5738
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 3.0
> Reporter: LiWenQin
> Priority: Minor
> Fix For: 3.0
>
>
> Run the testsuite\javaee6-testsuite\servlet3.0-security-test of G3.0.
> 1 test fails because of the value of HttpServletRequest.getRemoteUser()&getUserPrincipal() are NOT null (in fact , values are both "george")after HttpServletRequest.logout() invokes.
> Since the value should be null according to the HttpServletRequest API, it is a bug needs to fix on server.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.