Details
-
Bug
-
Resolution: Done
-
Major
-
JBossAS-4.0.5.GA, JBossAS-4.2.0.GA, JBossAS-4.2.1.GA, JBossAS-4.2.2.GA, JBossAS-5.0.0.Beta4
-
None
-
Workaround Exists
-
Description
The representation of a session in an SSO in the clustered cache is done with a simple data object that encapsulates the session id and the address of the node where the session was active. This doesn't properly handle the case where multiple sessions using the same session id but with different webapps are associated with the sso. This kind of thing is common due to the use of the emptySessionPath="true" flag on the connectors in server.xml.
A fix will involve storing the hostname and the context path along with the session id.
Note that the 4.x branch TreeCacheSSOClusterManager.SessionAddress class cannot have its serialization characteristics changed, so the hostname/context path will need to be prepended to the existing sessionId field.
In AS 5 this information now forms part of a JBC FQN, so fix will be a bit different.
Attachments
Issue Links
- is related to
-
JBAS-5608 Removing a session from a clustered sso entry removes all sessions
- Closed
1.
|
Fix ClusteredSingleSignOn cross-context issue in Branch_4_2 | Closed | Unassigned |