Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-958

FORM authentication fails to change URL session id after login

    XMLWordPrintable

Details

    • Hide

      -Put attached configurations and deployment (UNDERTOW-958-test.zip) in place
      -Launch jboss (./standalone.sh -c undertow958.xml)
      -Access the application (localhost:8080/undertow958) and attempt to login with admin/admin

      Show
      -Put attached configurations and deployment ( UNDERTOW-958 -test.zip) in place -Launch jboss (./standalone.sh -c undertow958.xml) -Access the application (localhost:8080/undertow958) and attempt to login with admin/admin

    Description

      URL session tracking does not work with FORM authentication. This is because the session id is changed after login, but the jsessionid in the URL is not updated accordingly. Thus, post login requests use the old jsessionid and fail.

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-8386 [GSS](7.0.z) UNDERTOW-958 - FORM authentication fails to change URL session id after login

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              sdouglas1@redhat.com Stuart Douglas
              rhn-support-aogburn Aaron Ogburn
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: