[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: Session Invalidate + isUserInRole Issue
Thanks Scott! I have to say you are really on top of things, I see your posts all over these forums. I am able to reproduce the intended behavior in 4.0.2 - the same as 4.0.1sp1. Is this behavior specified in the newer servlet spec? Just wondering why the results were different in JBoss 3.2.5? In any case upon using a response.redirect(/) as you suggest, the roles change. Thanks again! View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3893142#3893142 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3893142 --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: Session Invalidate + isUserInRole Issue
New infomation: I was NOT able to reproduce the issue in [3.2.5 (build: CVSTag=JBoss_3_2_5 date=200406251954)] I am able to reproduce the issue in [4.0.1sp1 (build: CVSTag=JBoss_4_0_1_SP1 date=200502160314)] Downloading 4.0.2 right now - wll post the results. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3893010#3893010 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3893010 --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: Session Invalidate + isUserInRole Issue
A forwarded request does not go through the security stack so I don't expect that the request roles will have changed. A redirected reply will show the updated state as a new session will be required. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3893059#3893059 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3893059 --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user