You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by ma...@apache.org on 2013/05/30 15:53:31 UTC

svn commit: r1487863 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/authenticator/AuthenticatorBase.java webapps/docs/changelog.xml

Author: markt
Date: Thu May 30 13:53:31 2013
New Revision: 1487863

URL: http://svn.apache.org/r1487863
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=54999
Fix JSESSIONIDSSO not recreated when a logout and login occur in the same request.
Patch provided by Keith Mashinter

Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1487862

Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1487863&r1=1487862&r2=1487863&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java Thu May 30 13:53:31 2013
@@ -775,6 +775,7 @@ public abstract class AuthenticatorBase 
             if (principal == null) {
                 // Registering a programmatic logout
                 sso.deregister(ssoId);
+                request.removeNote(Constants.REQ_SSOID_NOTE);
                 return;
             } else {
                 // Update the SSO session with the latest authentication data

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1487863&r1=1487862&r2=1487863&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Thu May 30 13:53:31 2013
@@ -111,6 +111,11 @@
         posted as multipart/form-data even when the request parameters are not
         parsed. (violetagg)
       </fix>
+      <fix>
+        <bug>54999</bug>: The old JSESSIONIDSSAO needs to be removed when SSO is
+        being used and logout() and login() occur within a single request. Patch
+        provided by Keith Mashinter. (markt) 
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org