Uploaded image for project: 'Alfresco'
  1. Alfresco
  2. ALF-703

Web service start and end session does not close http session

    Details

    • Resolution Time Custom Field:
      99 weeks, 5 days, 18 hours, 15 minutes, 42 seconds

      Description

      Monitoring the tomcat sessions and the http requests/responses, we can see that when a session is started via startSession, an http session is created and a cookie is sent. But when the session is ended via endSession, the http session is not invalidated and a another session is created.

      The cookie should be sent when ending a session so that the http session can be invalidated.

      This behaviour seems to be present on version 2.1+

      We could add in AuthenticationWebService#endSession something like :

      HttpServletRequest req = (HttpServletRequest)
      MessageContext.getCurrentContext().getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
      if (req.getSession(false) != null)

      { req.getSession(false).invalidate(); }

      We would also need to modify AuthenticationUtils to send the session cookie when ending a session.

        Attachments

          Structure

            Activity

              People

              • Assignee:
                closedbugs Closed Bugs
                Reporter:
                sylvainhalde Sylvain Halde (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Date of First Response:

                  Time Tracking

                  Estimated:
                  Original Estimate - 2 days
                  2d
                  Remaining:
                  Time Spent - 1 day Remaining Estimate - 1 day
                  1d
                  Logged:
                  Time Spent - 1 day Remaining Estimate - 1 day
                  1d

                    Structure Helper Panel