SSO session expiration

["Kraev, Dmitry" <dk...@mera.ru>]

I`m working on migration from tomcat 6 to tomcat 8. On tomcat 8 the following warning occurs when the session is expired or the user signed out:

WARN [org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] SSO unable to expire session [Host: [localhost], Context: [/appName], SessionID: [cookieId]] because the Session could not be found

I found that in Tomcat 6 session registers like the following:

[org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] Registering sso id 'E16F95304C7A0571A392C49BBB5B2B28' for user 'root' with auth type 'FORM'
[org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] Associate sso id E16F95304C7A0571A392C49BBB5B2B28 with session StandardSession[68B9BFEC646992D572DEDFBB0BA29BDC]

And then session destroys as the following:

[org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] Process session destroyed on StandardSession[68B9BFEC646992D572DEDFBB0BA29BDC]
[org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] Deregistering sso id 'E16F95304C7A0571A392C49BBB5B2B28'
[org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] Process session destroyed on StandardSession[CC36C13B089873D8BCEF2CBAFA1552F5]
[org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] Process session destroyed on StandardSession[DAC33294278B915C464EDFF0387A5E8D]

Everything looks fine.

In Tomcat 8 session registers listed below:

[org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] SSO registering SSO session [F869098E903E96139B95170742C613E8] for user [root] with authentication type [FORM]
[org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] SSO associating application session [StandardSession[9B741874689B4C8A1296D5BB86B841D0]] with SSO session [F869098E903E96139B95170742C613E8]

And when the session has to be destroyed the following messages occurs:

[org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] SSO processing a log out for SSO session [F869098E903E96139B95170742C613E8] and application session [StandardSession[A88E8761E6F82CF38ED79590D1FED84D]]

[org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] SSO expiring application session [Host: [localhost], Context: [/AppName1], SessionID: [AE27B6B1C4E9C26E7C298A4E1DB7DC27]] associated with SSO session [F869098E903E96139B95170742C613E8]
[org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] SSO processing a log out for SSO session [F869098E903E96139B95170742C613E8] and application session [StandardSession[AE27B6B1C4E9C26E7C298A4E1DB7DC27]]
[org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] SSO failed to deregister the SSO session [F869098E903E96139B95170742C613E8] because it was not in the cache

[org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] SSO expiring application session [Host: [localhost], Context: [/AppName2], SessionID: [9B741874689B4C8A1296D5BB86B841D0]] associated with SSO session [F869098E903E96139B95170742C613E8]
[org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] SSO processing a log out for SSO session [F869098E903E96139B95170742C613E8] and application session [StandardSession[9B741874689B4C8A1296D5BB86B841D0]]
[org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] SSO failed to deregister the SSO session [F869098E903E96139B95170742C613E8] because it was not in the cache

[org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] SSO expiring application session [Host: [localhost], Context: [/AppName3], SessionID: [A88E8761E6F82CF38ED79590D1FED84D]] associated with SSO session [F869098E903E96139B95170742C613E8]
[org.apache.catalina.core.ContainerBase.[Catalina].[localhost]] SSO unable to expire session [Host: [localhost], Context: [/AppName3], SessionID: [A88E8761E6F82CF38ED79590D1FED84D]] because the Session could not be found

I also found the tomcat's function that destroys sessions. The messaging should look something like this:


1.       SSO processing a log out for SSO session [{0}] and application session [{1}]

2.       SSO expiring application session [{0}] associated with SSO session [{1}]

But as you can see above, the only "AppName1" starts with the "SSO processing...", the others starts with "SSO expiring...", and "AppName1" ends up with a warning message.
Could it be related to session association thing? How to switch them and set like in tomcat 6?
Or may it be related to something else and if it so where should I look?