|
Mantis - Resin
|
|||||
| Viewing Issue Advanced Details | |||||
|
|
|||||
| ID: | Category: | Severity: | Reproducibility: | Date Submitted: | Last Update: |
| 599 | minor | always | 12-30-05 09:27 | 04-03-06 11:49 | |
|
|
|||||
| Reporter: | ferg | Platform: | |||
| Assigned To: | ferg | OS: | |||
| Priority: | normal | OS Version: | |||
| Status: | closed | Product Version: | 3.0.17 | ||
| Product Build: | Resolution: | fixed | |||
| Projection: | none | ||||
| ETA: | none | Fixed in Version: | 3.0.19 | ||
|
|
|||||
| Summary: | 0000599: SSO sessions and logout of one | ||||
| Description: |
(rep by Vinny) I've run into a serious problem in resin (3.0.16) in which a session attribute won't go away. I log into one webapp as one customer and then logout with session.invalidate() I then log into the webapp as another customer but the original customer attributes are displayed! Not good. Now I do set customer attributes in a filter that is mapped to /* and uses the getUserPrincipal as the key to load in the Preferences (session attributes). Does session.invalidate() remove all seesion attributes or not? Do I have to do it in each SSOd webapp? |
||||
| Steps To Reproduce: | |||||
| Additional Information: | |||||
| Relationships | |||||
| Attached Files: | |||||
| There are no notes attached to this issue. |