| Anonymous | Login | Signup for a new account | 11-10-2025 01:06 PST |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0000599 | [Resin] | minor | always | 12-30-05 09:27 | 04-03-06 11:49 | ||||
| Reporter | ferg | View Status | public | ||||||
| Assigned To | ferg | ||||||||
| Priority | normal | Resolution | fixed | ||||||
| Status | closed | Product Version | 3.0.17 | ||||||
| Summary | 0000599: SSO sessions and logout of one | ||||||||
| Description |
(rep by Vinny) I've run into a serious problem in resin (3.0.16) in which a session attribute won't go away. I log into one webapp as one customer and then logout with session.invalidate() I then log into the webapp as another customer but the original customer attributes are displayed! Not good. Now I do set customer attributes in a filter that is mapped to /* and uses the getUserPrincipal as the key to load in the Preferences (session attributes). Does session.invalidate() remove all seesion attributes or not? Do I have to do it in each SSOd webapp? |
||||||||
| Additional Information | |||||||||
| Attached Files | |||||||||
|
|
|||||||||
 Relationships |
|
| There are no notes attached to this issue. |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 12-30-05 09:27 | ferg | New Issue | |
| 04-03-06 11:49 | ferg | Assigned To | => ferg |
| 04-03-06 11:49 | ferg | Status | new => closed |
| 04-03-06 11:49 | ferg | Resolution | open => fixed |
| 04-03-06 11:49 | ferg | Fixed in Version | => 3.0.19 |
| 04-03-06 11:49 | ferg | View Status | @0@ => public |
| Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
26 total queries executed. 24 unique queries executed. |  |
