Hello, We are running CAS 5.3, and tomcat 8.5.57 and experienced a scenario were a user logged into a saml2 service and saw another users information. They logged out and logged back in and saw their information. We encountered something similar in the past when we had CAS 3.6 and Tomcat 8.0 and it had to do with Tomcat using the same jsessionid for the user who authenticated a few seconds before and the user coming in after was given the same jsessionid. We would have to bounce the environment completely.
We have haveged installed on the VM to help, has anyone encountered a similar issue, we had one user report the issue unfortunately we don't see a way to capture this information in the logs and nothing in the logs stands out for this particular case. Thanks! ___________________ Juan Quintanilla [email protected]<mailto:[email protected]> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/BL0PR05MB5042A1FBC70AF09CFBFD294D86A90%40BL0PR05MB5042.namprd05.prod.outlook.com.
