You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/10/13 12:00:55 UTC
DO NOT REPLY [Bug 23764] New: -
logout in SSO from sessions in 2 or more webapps not working
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23764>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23764
logout in SSO from sessions in 2 or more webapps not working
Summary: logout in SSO from sessions in 2 or more webapps not
working
Product: Tomcat 5
Version: 5.0.12
Platform: All
OS/Version: All
Status: NEW
Severity: Major
Priority: Other
Component: Unknown
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: adam.hardy@cyberspaceroad.com
If I have SSO enabled, and I log on to my webapp, and also visit a second webapp
on my localhost, I can't logout anymore.
If I go to the page which has the following JSP:
remote user <%=request.getRemoteUser() %> in
session <%= session.getId() %>
<%
session.invalidate();
%>
and refresh over and over always showed the following:
remote user adam in session EB2543D909D52551EA58C77E963CDD17
remote user adam in session EA33F35CCB3D1205A88226029C65939C
remote user adam in session 8814C0365D3F0BDD97B1DE9B7EAECD17
remote user adam in session 1B7F0424190985F24A294EA2344888C5
The only way to logout is to close my browser or delete the JSESSIONIDSSO cookie
in mozilla.
But logout does work for just one app - if I only visit & login to one webapp,
when I invalidate the session, I immediately get a login request.
NB: The logout functions correctly when all my sessions expire.
NB2: When some but not all of my sessions in one SSO time out, I can re-access
the timed-out webapps without seeing a login request.
Hope that describes it clearly,
Adam
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org