Tamás Marcinkovics created KNOX-3232:
----------------------------------------
Summary: Handle pac4j cookies with "null" value
Key: KNOX-3232
URL: https://issues.apache.org/jira/browse/KNOX-3232
Project: Apache Knox
Issue Type: Task
Components: KnoxSSO
Affects Versions: 3.0.0
Reporter: Tamás Marcinkovics
Assignee: Tamás Marcinkovics
When testing Knox SSO with Pac4j and CAS, if the user clicks on global logout,
and does not close the browser, refreshing the homepage link results in a 500
internal server error due to KnoxSessionStore not being able to get the value
of CasClient$attemptedAuthentication cookie.
When pac4j calls the
KnoxSessionStore.set() method with null value, we will add a Set-Cookie-Header
with "null" value instead of empty.
setCookieHeader = new SetCookieHeader(PAC4J_SESSION_PREFIX + key, null);
When KnoxSessionStore.get() is called, it tries to uncompress the non-empty
value and fails with a BufferUnderflowException.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
