Major Description
If I invalidate another session from my current session it changes my current to null what generates another.
To explain better I attached a project example(session-test)
SessionListener keeps all valid session in a map to show in a web page
SessionController reads all sessions from SessionListener
index.xhtml shows in a page and a link to invalid all except the current session
What happens is the current session is missing at the end forcing to generate a new one
As I see in io.undertow.servlet.core.SessionListenerBridge.sessionDestroyed it sets the session to null (current.setSession(null)). I couldn't try with some changes yet.
But I think this should correct:
ServletRequestContext current = SecurityActions.currentServletRequestContext();
if (current != null && current.getSession().getSession() == session) {
current.setSession(null);
}
