Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-2007

Digest mechanism needs sticky sessions

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 2.2.15.Final
    • None
    • Core, Security
    • None

      When the auth-method DIGEST is specified in the login-config section of the web.xml of an application, requests to this application do not get a session cookie in return until there is an authenticated session. In a load balanced environment, this becomes problematic as the response to the DIGEST challenge risks being sent to another node than the one that sent the challenge, which leads to authentication failure. This worked in EAP 6.3.1 after https://bugzilla.redhat.com/show_bug.cgi?id=1126490 so seems we have a similar issue to fix again here when moving to EAP 7/Wildfly.

              flaviarnn Flavia Rainone
              rhn-support-aogburn Aaron Ogburn
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: