Application Server 3 4 5 and 6 / JBAS-5609

ClusteredSingleSignOn cannot handle cross-context apps with same session id


    • Type: Bug
    • Resolution: Done
    • Priority: Major
    • JBossAS-5.0.0.CR2
    • JBossAS-4.0.5.GA, JBossAS-4.2.0.GA, JBossAS-4.2.1.GA, JBossAS-4.2.2.GA, JBossAS-5.0.0.Beta4
    • None
    • Workaround Exists
      In the connector element of server.xml, set emptySessionPath="false" if you don't need different sessions to have the same session id.


      The representation of a session in an SSO in the clustered cache is done with a simple data object that encapsulates the session id and the address of the node where the session was active. This doesn't properly handle the case where multiple sessions using the same session id but with different webapps are associated with the SSO. This kind of thing is common due to the use of the emptySessionPath="true" flag on the connectors in server.xml.

      A fix will involve storing the hostname and the context path along with the session id.

      Note that the 4.x branch TreeCacheSSOClusterManager.SessionAddress class cannot have its serialization characteristics changed, so the hostname/context path will need to be prepended to the existing sessionId field.

      In AS 5 this information now forms part of a JBC FQN, so the fix will be a bit different.
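
A small model of the collision described above, added here as an illustration and not taken from the JBoss AS source. The `SessionAddress` record, the `scoped` helper, the `|` delimiter and the sample host, node and session id values are all assumptions (Java 16+ for records).

```java
import java.util.LinkedHashSet;
import java.util.Set;

public class SsoSessionKeyDemo {
    // Shape described in the issue: session id plus the node where it was active.
    record SessionAddress(String sessionId, String node) {}

    // Assumed encoding of the 4.x-style fix: host and context path are
    // prepended to the existing sessionId field. The "|" delimiter is made up.
    static SessionAddress scoped(String host, String contextPath, String id, String node) {
        return new SessionAddress(host + "|" + contextPath + "|" + id, node);
    }

    public static void main(String[] args) {
        String node = "node1:7800";  // constructed sample value
        String id = "A1B2C3";        // shared by both webapps when emptySessionPath="true"

        // Keyed on (session id, node) only: the second webapp's session is
        // indistinguishable from the first and collapses into one entry.
        Set<SessionAddress> byIdOnly = new LinkedHashSet<>();
        byIdOnly.add(new SessionAddress(id, node));  // session in /shop
        byIdOnly.add(new SessionAddress(id, node));  // session in /admin
        System.out.println("id-only entries after two logins: " + byIdOnly.size());

        // /shop's session expires and deregisters. The SSO now tracks nothing,
        // although /admin still holds a live authenticated session that a
        // later SSO logout would never reach.
        byIdOnly.remove(new SessionAddress(id, node));
        System.out.println("id-only entries after /shop expires: " + byIdOnly.size());

        // With host and context path in the key, each session is tracked
        // separately and /admin's entry survives /shop's expiry.
        Set<SessionAddress> byScope = new LinkedHashSet<>();
        byScope.add(scoped("localhost", "/shop", id, node));
        byScope.add(scoped("localhost", "/admin", id, node));
        byScope.remove(scoped("localhost", "/shop", id, node));
        System.out.println("scoped entries after /shop expires: " + byScope);
    }
}
```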

            bstansbe@redhat.com Brian Stansberry