-
Bug
-
Resolution: Done
-
Major
-
None
-
None
If a FORM login page happens to use GET instead of the typical POST to send the login credentials to a custom location, then the short session timeout from UNDERTOW-2378 / UNDERTOW-2264 is still seen after login.
- clones
-
UNDERTOW-2378 Adjust properly session timeout also in case when custom auth mechanisms are used
- Resolved
- is caused by
-
UNDERTOW-2264 CVE-2023-1973 SessionImpl objects + location strings are created and not cleaned up on authentication failures
- Reopened
- is cloned by
-
JBEAP-27330 [GSS](8.0.z) UNDERTOW-2409 - Adjust properly session timeout also in case when GET requests with custom auth mechanisms are used
- Resolved
- is incorporated by
-
JBEAP-26990 [GSS](7.4.z) UNDERTOW-2409 / UNDERTOW-2378 - Adjust properly session timeout also in case when custom auth mechanisms are used
- Closed
-
WFCORE-6862 CVE-2024-6162 CVE-2024-27316 Upgrade Undertow to 2.3.14.Final
- Resolved
- is related to
-
JBEAP-27369 [GSS](8.0.z) UNDERTOW-2418 - Adjust properly session timeout also in case when FORM is combined with other mechanisms
- Resolved
-
UNDERTOW-2418 Adjust properly session timeout also in case when FORM is combined with other mechanisms
- Closed
-
JBEAP-27368 [GSS](7.4.z) UNDERTOW-2418 - Adjust properly session timeout also in case when FORM is combined with other mechanisms
- QA In Progress