[ALF-703] Web service start and end session does not close http session - Alfresco JIRA

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 3.0 Enterprise
Fix Version/s: 3.4.a Community
Component/s: Repository
Labels:
None

Resolution Time Custom Field:
99 weeks, 5 days, 18 hours, 15 minutes, 42 seconds

Description

Monitoring the tomcat sessions and the http requests/responses, we can see that when a session is started via startSession, an http session is created and a cookie is sent. But when the session is ended via endSession, the http session is not invalidated and a another session is created.

The cookie should be sent when ending a session so that the http session can be invalidated.

This behaviour seems to be present on version 2.1+

We could add in AuthenticationWebService#endSession something like :

HttpServletRequest req = (HttpServletRequest)
MessageContext.getCurrentContext().getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
if (req.getSession(false) != null)

{ req.getSession(false).invalidate(); }

We would also need to modify AuthenticationUtils to send the session cookie when ending a session.

Attachments

Activity

People

Assignee:

Closed Bugs

Reporter:

Sylvain Halde (Inactive)

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

27-Jun-08 05:09 PM

Updated:

22-Mar-13 12:49 AM

Resolved:

27-May-10 11:25 AM

Date of First Response:

09/Jul/08 2:05 PM

Time Tracking

Estimated:

Remaining:

Logged: