|Summary:||Sudden logout at base path|
|Product:||Tomcat 8||Reporter:||Alex Dushkin <dushkin>|
|Component:||Catalina||Assignee:||Tomcat Developers Mailing List <dev>|
|Attachments:||Simple web application|
Description Alex Dushkin 2015-11-28 14:17:07 UTC
Created attachment 33309 [details] Simple web application 1. Unpack http://archive.apache.org/dist/tomcat/tomcat-8/v8.0.29/bin/apache-tomcat-8.0.29.zip 2. Uncomment users and roles in conf/tomcat-users.xml 3. Start Tomcat 4. Unpack and deploy the attached webapp "app" (jsp only) 5. Open the webapp page: http://localhost:8080/app/index 6. Login as tomcat/tomcat 7. Change path to http://localhost:8080/app - logged out! Tomcat 8.0.28 just redirects back to index.
Comment 1 Mark Thomas 2015-11-28 15:24:37 UTC
*** This bug has been marked as a duplicate of bug 58660 ***
Comment 2 Konstantin Kolinko 2015-11-29 12:01:10 UTC
(In reply to Alex Dushkin from comment #0) > 7. Change path to http://localhost:8080/app - logged out! > > Tomcat 8.0.28 just redirects back to index. Tomcat 8.0.29 also redirects back to index (your WEB-INF/notfound.jsp does the redirection). So you reproduction scenario does not work. Tested with Mozilla Firefox 42.0 There is a bug in 8.0.29, but steps to reproduce it are a bit different. See bug 58660 for a more complete description and a workaround. BTW, your login.jsp submits to j_security_check instead of response.encodeURL("j_security_check"). It won't work if cookies are disabled.