[ http://issues.apache.org/jira/browse/GERONIMO-677?page=all ]
David Jencks updated GERONIMO-677:
--
Summary: Repeated login (after session invalidation) with different
credentials results in incorrect role set. LOGIN MODULES ARE BEING REUSED
(was:
[ http://issues.apache.org/jira/browse/GERONIMO-677?page=all ]
Kevan Miller updated GERONIMO-677:
--
Attachment: my-changes.patch
> Repeated login (after session invalidation) with different credentials
> results in incorrect role set.
>
[ http://issues.apache.org/jira/browse/GERONIMO-677?page=all ]
David Blevins updated GERONIMO-677:
---
Fix Version: (was: 1.0-M4)
> Repeated login (after session invalidation) with different credentials
> results in incorrect role set.
>
[ http://issues.apache.org/jira/browse/GERONIMO-677?page=all ]
David Jencks updated GERONIMO-677:
--
Fix Version: 1.0-M4
1.0-M5
If reproducible this is serious.
> Repeated login (after session invalidation) with different credentials
>
[ http://issues.apache.org/jira/browse/GERONIMO-677?page=all ]
Ivan Dubrov updated GERONIMO-677:
-
Attachment: test.zip
Here is the sample application. Steps to reproduce the behaviour:
1. Open two browsers
2. Access localhost:8080/test/user from first b
[ http://issues.apache.org/jira/browse/GERONIMO-677?page=all ]
Ivan Dubrov updated GERONIMO-677:
-
Attachment: geronimo-application.xml
db_create.sql
Here is the deployment plan for the Geronimo and database schema used in mine
applicatio
[ http://issues.apache.org/jira/browse/GERONIMO-677?page=all ]
Ivan Dubrov updated GERONIMO-677:
-
Component: security
(was: web)
Priority: Critical (was: Major)
The issue seems more critical than it was!
Even loging in second ti