You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/10/13 13:08:14 UTC
DO NOT REPLY [Bug 23764] -
logout in SSO from sessions in 2 or more webapps not working
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23764>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23764
logout in SSO from sessions in 2 or more webapps not working
------- Additional Comments From funkman@joedog.org 2003-10-13 11:08 -------
There is a difference in SingleSignOn.java between 4.1 and 5.0. But the diff
doesn't make sense to me: what follows is the diff from 4.1 to 5 for what I
*guess* is the cause:
- // Deregister this single session id, invalidating associated sessions
- deregister(ssoId);
+ if ( event.getData() != null
+ && "logout".equals( event.getData().toString() )) {
+ // logout of all applications
+ deregister(ssoId);
+ } else {
+ // invalidate just one session
+ deregister(ssoId, session);
+ }
Doing a grep for "logout" - I could not find one - so I have no idea when the
true part of the conditional gets executed. Any ideas?
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org