You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/10/13 13:08:14 UTC

DO NOT REPLY [Bug 23764] - logout in SSO from sessions in 2 or more webapps not working

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23764>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23764

logout in SSO from sessions in 2 or more webapps not working





------- Additional Comments From funkman@joedog.org  2003-10-13 11:08 -------
There is a difference in SingleSignOn.java between 4.1 and 5.0. But the diff
doesn't make sense to me: what follows is the diff from 4.1 to 5 for what I
*guess* is the cause:
-        // Deregister this single session id, invalidating associated sessions
-        deregister(ssoId);
+        if ( event.getData() != null 
+             && "logout".equals( event.getData().toString() )) {
+            // logout of all applications
+            deregister(ssoId);
+        } else {
+            // invalidate just one session
+            deregister(ssoId, session);
+        }

Doing a grep for "logout" - I could not find one  - so I have no idea when the
true part of the conditional gets executed. Any ideas?

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org