Bug 58665 - Sudden logout at base path
Summary: Sudden logout at base path
Status: RESOLVED DUPLICATE of bug 58660
Alias: None
Product: Tomcat 8
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 8.0.29
Hardware: PC All
: P2 normal (vote)
Target Milestone: ----
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-11-28 14:17 UTC by Alex Dushkin
Modified: 2015-11-29 12:24 UTC (History)
1 user (show)



Attachments
Simple web application (1.64 KB, application/x-zip-compressed)
2015-11-28 14:17 UTC, Alex Dushkin
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Dushkin 2015-11-28 14:17:07 UTC
Created attachment 33309 [details]
Simple web application

1. Unpack http://archive.apache.org/dist/tomcat/tomcat-8/v8.0.29/bin/apache-tomcat-8.0.29.zip

2. Uncomment users and roles in conf/tomcat-users.xml

3. Start Tomcat

4. Unpack and deploy the attached webapp "app" (jsp only)

5. Open the webapp page: http://localhost:8080/app/index

6. Login as tomcat/tomcat

7. Change path to http://localhost:8080/app - logged out!

Tomcat 8.0.28 just redirects back to index.
Comment 1 Mark Thomas 2015-11-28 15:24:37 UTC

*** This bug has been marked as a duplicate of bug 58660 ***
Comment 2 Konstantin Kolinko 2015-11-29 12:01:10 UTC
(In reply to Alex Dushkin from comment #0)
> 7. Change path to http://localhost:8080/app - logged out!
> 
> Tomcat 8.0.28 just redirects back to index.

Tomcat 8.0.29 also redirects back to index
(your WEB-INF/notfound.jsp does the redirection).

So you reproduction scenario does not work.
Tested with Mozilla Firefox 42.0

There is a bug in 8.0.29, but steps to reproduce it are a bit different.
See bug 58660 for a more complete description and a workaround.



BTW, your login.jsp submits to j_security_check instead of response.encodeURL("j_security_check"). It won't work if cookies are disabled.
Comment 3 Alex Dushkin 2015-11-29 12:24:11 UTC
(In reply to Konstantin Kolinko from comment #2)
> So you reproduction scenario does not work.
> Tested with Mozilla Firefox 42.0

It doesn't work in FF, but it works in Chrome (46.0.2490.86), Opera (33.0.1990.115), Edge (20.10240.16384.0).