  1. Application Server 3 4 5 and 6
  2. JBAS-5609

ClusteredSingleSignOn cannot handle cross-context apps with same session id

Details

    • Bug
    • Resolution: Done
    • Major
    • JBossAS-5.0.0.CR2
    • JBossAS-4.0.5.GA, JBossAS-4.2.0.GA, JBossAS-4.2.1.GA, JBossAS-4.2.2.GA, JBossAS-5.0.0.Beta4
    • None
    • Workaround Exists
      In the connector element of server.xml, set emptySessionPath="false" if you don't need different sessions to have the same session id.


    Description

      The representation of a session in an SSO in the clustered cache is done with a simple data object that encapsulates the session id and the address of the node where the session was active. This doesn't properly handle the case where multiple sessions using the same session id but with different webapps are associated with the SSO. This kind of thing is common due to the use of the emptySessionPath="true" flag on the connectors in server.xml.

      A fix will involve storing the hostname and the context path along with the session id.

      Note that the 4.x branch TreeCacheSSOClusterManager.SessionAddress class cannot have its serialization characteristics changed, so the hostname/context path will need to be prepended to the existing sessionId field.

      In AS 5 this information now forms part of a JBC FQN, so the fix will be a bit different.
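
      Added example (not JBoss AS code and not part of the original report): a simplified Java model of the collision described above and of the 4.x-style fix of prepending the hostname and context path to the session id. The class and method names, the "/" separator and the sample values are assumptions made for illustration.

```java
import java.util.HashSet;
import java.util.Set;

// Simplified model of the problem in this issue; hypothetical names, not JBoss AS source.
public class SsoSessionKeyDemo {

    // Mirrors the description: only the session id and the address of the owning node.
    record SessionAddress(String sessionId, String nodeAddress) {}

    // 4.x-style fix from the description: the data object keeps its two fields, and
    // the hostname and context path are prepended to the sessionId string.
    // The "/" separator is an assumption; it is safe here only because the
    // constructed session ids contain no "/".
    static SessionAddress qualified(String host, String contextPath,
                                    String sessionId, String nodeAddress) {
        return new SessionAddress(host + contextPath + "/" + sessionId, nodeAddress);
    }

    // Registers one session per webapp with the SSO entry and returns what the SSO
    // ends up tracking. Both webapps share one session id, as happens with
    // emptySessionPath="true".
    static Set<SessionAddress> sessionsTrackedBySso(boolean qualifyKey) {
        Set<SessionAddress> ssoSessions = new HashSet<>();
        String sessionId = "A1B2C3D4E5F6";   // constructed sample id
        String node = "192.0.2.10:7800";     // constructed node address
        for (String contextPath : new String[] {"/shop", "/billing"}) {
            ssoSessions.add(qualifyKey
                    ? qualified("localhost", contextPath, sessionId, node)
                    : new SessionAddress(sessionId, node));
        }
        return ssoSessions;
    }

    public static void main(String[] args) {
        // Keyed by id + node only: the second webapp's session is indistinguishable
        // from the first, so the SSO holds a single entry for two sessions.
        System.out.println("id + node only:           " + sessionsTrackedBySso(false));
        // Keyed by host + context path + id: each webapp's session stays distinct.
        System.out.println("host + context path + id: " + sessionsTrackedBySso(true));
    }
}
```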

            People

              bstansbe@redhat.com Brian Stansberry