You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2016/11/16 10:29:32 UTC
[Bug 60380] New: HttpServletRequest#logout() never calls
TomcatPrincipal#logout()
https://bz.apache.org/bugzilla/show_bug.cgi?id=60380
Bug ID: 60380
Summary: HttpServletRequest#logout() never calls
TomcatPrincipal#logout()
Product: Tomcat 8
Version: 8.5.x-trunk
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: 1983-01-06@gmx.net
Target Milestone: ----
If the client code calls HttpServletRequest#logout(), it is delegated to
getContext().getAuthenticator().logout(this); but
AuthenticatorBase#logout(Request) never calls TomcatPrincipal#logout() to free
resources. The only spot where this method is called is in
StandardSession#expire(boolean).
A completely request-based application cannot free the principal without ugly
hacks.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60380] HttpServletRequest#logout() never calls
TomcatPrincipal#logout()
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60380
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #3 from Mark Thomas <ma...@apache.org> ---
Thanks for the report and the patch. I applied a slightly modified patch that
used Tomcat's standard(ish) style of exception handling.
Fixed in:
- trunk for 9.0.0.M14 onwards
- 8.5.x for 8.5.9 onwards
- 8.0.x for 8.0.40 onwards
- 7.0.x for 7.0.74 onwards
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60380] HttpServletRequest#logout() never calls
TomcatPrincipal#logout()
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60380
--- Comment #1 from Michael Osipov <19...@gmx.net> ---
Created attachment 34462
--> https://bz.apache.org/bugzilla/attachment.cgi?id=34462&action=edit
Patch calling TomcatPrincipal#logout()
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60380] HttpServletRequest#logout() never calls
TomcatPrincipal#logout()
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60380
--- Comment #5 from Mark Thomas <ma...@apache.org> ---
The reason is java.lang.StackOverflowError and anything similar that may be
added / discovered.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60380] HttpServletRequest#logout() never calls
TomcatPrincipal#logout()
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60380
Michael Osipov <19...@gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |60379
Referenced Bugs:
https://bz.apache.org/bugzilla/show_bug.cgi?id=60379
[Bug 60379] GenericPrincipal never frees GSSCredential
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60380] HttpServletRequest#logout() never calls
TomcatPrincipal#logout()
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60380
--- Comment #4 from Michael Osipov <19...@gmx.net> ---
(In reply to Mark Thomas from comment #3)
> Thanks for the report and the patch. I applied a slightly modified patch
> that used Tomcat's standard(ish) style of exception handling.
Any reason not to keep "catch (Exception e)" because Exception extends
Throwable and the ExceptionUtils still can do their work? Anything but
Exception indicates some severe VM error.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 60380] HttpServletRequest#logout() never calls
TomcatPrincipal#logout()
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60380
Michael Osipov <19...@gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #34462|0 |1
is obsolete| |
--- Comment #2 from Michael Osipov <19...@gmx.net> ---
Created attachment 34463
--> https://bz.apache.org/bugzilla/attachment.cgi?id=34463&action=edit
Patch calling TomcatPrincipal#logout()
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org