JBoss 5.1/JBossweb-2.1.12 Invalidating session does not invalidate all SSO session

Comments

We are using the unclustered SSO valve. Invalidating a session does not invalidate all other session tied to the SSO cookie. The problem is intermittent. Upgrading to a newer version of JBoss is not an option, so I am looking for a configuration or patch solution. I am not entirely sure yet, but I think that when it does work the org.apache.catalina.authenticator.SingleSignOn.deregister method is being invoked and when it fails, it is not. So, perhaps it is a problem with HttpSessionListeners not firing correctly, or in the wrong order.

Started 2015-11-19T16:55:05+00:00 by

Richard Ogin

Newbie 12 points

Responses

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)

Select Your Language

JBoss 5.1/JBossweb-2.1.12 Invalidating session does not invalidate all SSO session

Responses

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Responses

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links