You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Jan Bernhardt (JIRA)" <ji...@apache.org> on 2015/04/09 19:49:12 UTC

[jira] [Created] (FEDIZ-112) Restore Request Race Condition in Tomcat Plugin

Jan Bernhardt created FEDIZ-112:
-----------------------------------

             Summary: Restore Request Race Condition in Tomcat Plugin
                 Key: FEDIZ-112
                 URL: https://issues.apache.org/jira/browse/FEDIZ-112
             Project: CXF-Fediz
          Issue Type: Bug
          Components: Plugin
    Affects Versions: 1.1.2
            Reporter: Jan Bernhardt
            Assignee: Jan Bernhardt
             Fix For: 1.2.0


If a active session at the RP runs into a timeout and the user refreshes this page, it sometimes happens that the browser sends two or more requests to the web server almost simultaneously because of embedded images in the RP web page. The tomcat plugin only stores the last request for restoration once a valid SAML token is presented. In such cases it can happen that the last request is not the URL of the web page, but of an image. If the user logs in to the IDP and is redirected back to the RP, he/she does not see the web page but a single image instead.

By using unique generated ID from the wctx each request could be restored correctly and individually, thus solving this issue.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)