[#JS2-156] Logging on does not create a new session in /jetspeed webapp

Jetspeed 2

Logging on does not create a new session in /jetspeed webapp

Created: 22/Oct/04 11:59 PM Updated: 24/Mar/05 09:12 AM

Return to search

Component/s:

Container

Affects Version/s:

2.0-dev/cvs

Fix Version/s:

2.0-dev/cvs, 2.0-M2

Time Tracking:

Not Specified

Resolution Date:

24/Mar/05 09:12 AM

Description

« Hide

Logging on does not create a new session in /jetspeed webapp
It seems like it only creates a new session in the /security webapp
All portlet apps need to have their session reset

All

Comments

Work Log

Change History

Subversion Commits

Sort Order:

[ Permlink | « Hide ]

Ate Douma added a comment - 25/Oct/04 03:10 PM

David, I checked this out, and you are right that the session(s) are not created anew after login: the current sessions are reused. But, logging out *does* invalidate all the sessions.

So, if I understand the problem correctly, this issue concerns anonymous session data which you want to be discarded after a user logs on, correct?

I think in certain situations (shoppingcard comes to my mind) this is exactly what you would want. I think portlets applications which allow anonymous access should take real care what they save in the session.
If it really needs its session to be cleared after login, maybe a session listener could detect login (I haven't tested that out yet though) and clear the attributes.

Anyways, my first impression is that (assuming my assumptions from above are correct) this isn't a fault of Tomcat nor the Jetspeed login functionality.

[ Permlink | « Hide ]

Ate Douma added a comment - 24/Mar/05 09:12 AM

Its not a bug, its a feature ;-)
Anyway, after logoff, all (sub)sessions are automatically logged out too.