You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "Tobias Bocanegra (JIRA)" <ji...@apache.org> on 2015/05/15 18:21:00 UTC

[jira] [Reopened] (OAK-2872) ExternalLoginModule should clear state when login was not successful

     [ https://issues.apache.org/jira/browse/OAK-2872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tobias Bocanegra reopened OAK-2872:
-----------------------------------

I think we also should add the clearState() call at the end of the login() method. [~anchela] wdyt?

> ExternalLoginModule should clear state when login was not successful
> --------------------------------------------------------------------
>
>                 Key: OAK-2872
>                 URL: https://issues.apache.org/jira/browse/OAK-2872
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: auth-external
>            Reporter: Alex Parvulescu
>            Assignee: Alex Parvulescu
>             Fix For: 1.3.0
>
>
> As discussed in [1], it looks like the ExternalLoginModule ignores cleaning up its internal state when login was not successful.
> What I assume happens next is the old session (probably the initial one created on the very first login call) would be reused throughout the module's lifetime, which would in the end result in the SNFEs post compaction.
> [1] http://markmail.org/thread/pcmlz74ngxl7sqfy



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)