  1. WildFly
  2. WFLY-3617

multiple jsessionids at every path for rootcontext application

Details

    • Bug
    • Resolution: Obsolete
    • Major
    • None
    • 8.1.0.Final
    • Web (Undertow)
    • None

    Description

      3 Tested Scenarios:

      1. Deploy war at / with no added path
      2. Deploy war at /war1 with no paths or added paths
      3. Deploy war at / with several paths

      Since the first war has no other navigation path, there is only one jsessionid at root /

      For the second war, there are two jsessions, regardless of path: at root / and at contextpath /war1

      The final scenario is the worst. There are jsessionid cookies at every path of the application's navigable paths: at root /, at /path1, at /path1/path2, etc.

      Every path therefore has a session id, and if you log in at /account, and require login to access /account/dashboard, it is impossible to navigate to your /account/dashboard as the application receives a different sessionid, and hence you are redirected (based on application logic) to the login page at /account/signin.xhtml, which now shows that you are logged in (due to the jsessionid at /account being used during the login process).

      This issue occurs whether I deploy the wars independently or packaged in an ear archive.
      On separate hosts or on the default host.
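
The following is an added example, not part of the original report or of WildFly's code: it applies the browser-side cookie path-matching and ordering rules of RFC 6265 to a cookie jar shaped like scenario 3, to show which JSESSIONID values accompany each request. The cookie values, the `storedCookies` jar and the request list are constructed sample data, and how the server chooses among duplicate names is not stated in the report.

```javascript
// Added example: RFC 6265 cookie path-matching applied to the report's scenario 3.
// Cookie values, the jar and the request list are constructed sample data.

// RFC 6265 section 5.1.4: does cookiePath path-match requestPath?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts on a '/' boundary: /account must not match /accounting.
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// RFC 6265 section 5.4: matching cookies are listed longest Path first.
function cookiesSent(jar, requestPath) {
  return jar
    .filter(c => pathMatches(requestPath, c.path))
    .sort((a, b) => b.path.length - a.path.length);
}

// Report every request path that would carry more than one JSESSIONID,
// and which value leads the Cookie header.
function findSessionConflicts(jar, requestPaths) {
  const sessionCookies = jar.filter(c => c.name === 'JSESSIONID');
  const conflicts = [];
  for (const p of requestPaths) {
    const sent = cookiesSent(sessionCookies, p);
    if (sent.length > 1) {
      conflicts.push({ path: p, first: sent[0].value, all: sent.map(c => c.value) });
    }
  }
  return conflicts;
}

// Constructed jar: one JSESSIONID per path, as described in scenario 3.
const storedCookies = [
  { name: 'JSESSIONID', value: 'sid-root', path: '/' },
  { name: 'JSESSIONID', value: 'sid-account', path: '/account' },
  { name: 'JSESSIONID', value: 'sid-dashboard', path: '/account/dashboard' },
];

const requests = ['/', '/account/signin.xhtml', '/account/dashboard', '/accounting'];
for (const c of findSessionConflicts(storedCookies, requests)) {
  console.log(`${c.path}: sends ${c.all.join(', ')} (first: ${c.first})`);
}
```

With this jar, the sign-in page is requested with the /account session leading, while /account/dashboard is requested with a different, more specific session leading, which matches the redirect loop described in the report.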

          People

            sdouglas1@redhat.com Stuart Douglas
            marembo2008 Ochieng Marembo (Inactive)