On Thu, May 29, 2014 at 8:51 AM, Konstantin Kolinko <knst.koli...@gmail.com> wrote: > 2014-05-29 11:58 GMT+04:00 David Rees <dree...@gmail.com>: >> I've found that certain applications will no longer invalidate >> sessions after upgrading from 7.0.53 to 7.0.54. >> >> It seems to require clustering to be set up in Tomcat. If it's not set >> up, session invalidation works fine. >> >> So far, I can only trigger it in a webapp that uses Tapestry Spring Security. >> >> I see a few changes in the changelog related to session invalidate and >> clustering, could one of these changes be responsible? > > What are the symptoms?
The symptoms are that you expect the current session to be invalidated and issued a new session on subsequent requests, but instead the session remains valid and all data in the session remains. > Is there anything unusual in the log files? Nothing in the logs as far as I can tell. > Is a single web application affected, or it spans several applications > (via Single Sign On)? Only a single web application affected. > You may consider debugging. > http://wiki.apache.org/tomcat/FAQ/Developing#Debugging > > You may consider simplifying you configuration to build a simple > reproduce scenario for a bug report. Yes, those are my next steps, just haven't gotten that far yet and wanted to see if anyone else was seeing anything similar. Thanks Dave --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org