You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/10/13 12:00:55 UTC

DO NOT REPLY [Bug 23764] New: - logout in SSO from sessions in 2 or more webapps not working

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23764>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23764

logout in SSO from sessions in 2 or more webapps not working

           Summary: logout in SSO from sessions in 2 or more webapps not
                    working
           Product: Tomcat 5
           Version: 5.0.12
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Other
         Component: Unknown
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: adam.hardy@cyberspaceroad.com


If I have SSO enabled, and I log on to my webapp, and also visit a second webapp
on my localhost, I can't logout anymore.

If I go to the page which has the following JSP:

remote user <%=request.getRemoteUser() %> in
session <%= session.getId() %>
<%
session.invalidate();
%>

and refresh over and over always showed the following:

remote user adam in session EB2543D909D52551EA58C77E963CDD17
remote user adam in session EA33F35CCB3D1205A88226029C65939C
remote user adam in session 8814C0365D3F0BDD97B1DE9B7EAECD17
remote user adam in session 1B7F0424190985F24A294EA2344888C5

The only way to logout is to close my browser or delete the JSESSIONIDSSO cookie
in mozilla. 

But logout does work for just one app - if I only visit & login to one webapp,
when I invalidate the session, I immediately get a login request.

NB: The logout functions correctly when all my sessions expire. 

NB2: When some but not all of my sessions in one SSO time out, I can re-access
the timed-out webapps without seeing a login request. 

Hope that describes it clearly,

Adam

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org