0000360: single signon, timeout in one application affects others

Viewing Issue Advanced Details [ Jump to Notes ]

[ View Simple ] [ Issue History ] [ Print ]

Category

Severity

Reproducibility

Date Submitted

Last Update

0000360

[Resin]

minor

always

08-19-05 00:00

11-30-05 14:42

Reporter

sam

View Status

public

Assigned To

Priority

urgent

Resolution

fixed

Platform

Status

closed

Projection

none

OS Version

ETA

none

Fixed in Version

3.0.15

Product Version

3.0.14

Product Build

3.0.14

Summary

0000360: single signon, timeout in one application affects others

Description

RSN-404
(rep by K Wimmer)

With single signon, a timeout in application a kills the login for application b even if application b is in use.

Attached is an example that illustrates the problem. Using the attached WAR
files and resin.conf:

1. go to http://localhost:8080/a/test.jsp [^]

2. log in with the following credentials:
username: Draco Malfoy
password: pureblood

3. go to http://localhost:8080/b/test.jsp [^] (subsequent login is not necessary due
to SSO)

4. continually refresh the http://localhost:8080/b/test.jsp [^] page for 1 min (the
session timeout duration)

5. after 1 min, the session from application 'a' times out and logs you out of
both applications 'a' and 'b' (even though the access log will confirm that you
just accessed application 'b')

The user is prematurely logged out of application 'b'.

Steps To Reproduce

Additional Information

Attached Files

Relationships

Notes
(0000416) ferg 08-19-05 00:00	server/12i0,1,2

Issue History
Date Modified	Username	Field	Change
08-19-05 00:00	sam	New Issue
11-30-05 00:00	administrator	Fixed in Version	=> 3.0.15
11-30-05 14:42	ferg	Status	resolved => closed

Mantis 1.0.0rc3[^]

29 total queries executed.
27 unique queries executed.