Uploaded image for project: 'Alfresco'
  1. Alfresco
  2. ALF-703

Web service start and end session does not close http session

    Details

    • Resolution Time Custom Field:
      99 weeks, 5 days, 18 hours, 15 minutes, 42 seconds

      Description

      Monitoring the tomcat sessions and the http requests/responses, we can see that when a session is started via startSession, an http session is created and a cookie is sent. But when the session is ended via endSession, the http session is not invalidated and a another session is created.

      The cookie should be sent when ending a session so that the http session can be invalidated.

      This behaviour seems to be present on version 2.1+

      We could add in AuthenticationWebService#endSession something like :

      HttpServletRequest req = (HttpServletRequest)
      MessageContext.getCurrentContext().getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
      if (req.getSession(false) != null)

      { req.getSession(false).invalidate(); }

      We would also need to modify AuthenticationUtils to send the session cookie when ending a session.

        Attachments

          Activity

            People

            • Assignee:
              closedbugs Closed Bugs
              Reporter:
              sylvainhalde Sylvain Halde (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Date of First Response:

                Time Tracking

                Estimated:
                Original Estimate - 2 days
                2d
                Remaining:
                Time Spent - 1 day Remaining Estimate - 1 day
                1d
                Logged:
                Time Spent - 1 day Remaining Estimate - 1 day
                1d