Bug 59043 - SingleSignOn valve warns about missing session when invoking HttpServletRequest.logout
Summary: SingleSignOn valve warns about missing session when invoking HttpServletReque...
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 8
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 8.0.32
Hardware: PC All
: P2 major (vote)
Target Milestone: ----
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-02-22 15:01 UTC by Roberto Benedetti
Modified: 2019-07-26 06:25 UTC (History)
2 users (show)



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Roberto Benedetti 2016-02-22 15:01:03 UTC
When HttpServletRequest.logout() is invoked, first the ID of the current session is changed, then all the sessions in SingleSignOnEntry are expired, but the current one has changed its ID, hence the annoying warning.

From the log:
...
FINE [http-nio-8080-exec-3] AuthenticatorBase.register Authenticated 'john.doe' with type 'FORM'
FINE [http-nio-8080-exec-3] AuthenticatorBase.register Session ID changed on authentication from [6F6874832A811D2B69AA06F3745C4CC7] to [FD2777025AC71CA72A44545472DAB5C2]
FINE [http-nio-8080-exec-3] SingleSignOn.register SSO registering SSO session [9284A1891047D0FA96629C9059528302] for user [john.doe] with authentication type [FORM]
FINE [http-nio-8080-exec-3] SingleSignOn.associate SSO associating application session [StandardSession[FD2777025AC71CA72A44545472DAB5C2]] with SSO session [9284A1891047D0FA96629C9059528302]
...
FINE [http-nio-8080-exec-4] AuthenticatorBase.register Authenticated 'none' with type 'null'
FINE [http-nio-8080-exec-4] AuthenticatorBase.register Session ID changed on authentication from [FD2777025AC71CA72A44545472DAB5C2] to [DCE8372B4BF6AD84F63BF5664D8E941E]
FINE [http-nio-8080-exec-4] SingleSignOn.deregister SSO expiring application session [Host: [localhost], Context: [/app], SessionID: [FD2777025AC71CA72A44545472DAB5C2]] associated with SSO session [9284A1891047D0FA96629C9059528302]
WARNING [http-nio-8080-exec-4] SingleSignOn.expire SSO unable to expire session [Host: [localhost], Context: [/app], SessionID: [FD2777025AC71CA72A44545472DAB5C2]] because the Session could not be found
...
Comment 1 Mark Thomas 2016-02-26 14:37:40 UTC
Thanks for the report.

This has been fixed in 9.0.x for 9.0.0.M4 onwards, 8.0.x for 8.0.33 onwards and 7.0.x for 7.0.69 onwards.
Comment 2 Mark Thomas 2016-03-08 20:31:30 UTC
*** Bug 59145 has been marked as a duplicate of this bug. ***