Hi Friends (I need help on this immediately)

I am facing a strange issue that occurs rarely with my CAS production server.

Our CAS server and CASified application details:

CAS version : 3.4.2.1 (without login screen)
Tomcat server : Apache Tomcat 6.0.37
Internal applications : Domino applications, PHP & Java applications. All are embedded in the Liferay portal, and we access the applications through the Liferay portal.
Liferay portal : Liferay-portal-6.1.2-ce-ga3

Issue: 
We are facing a session issue with Domino applications (the rest of the applications are working fine).

Issue in detail:
We have an Employee Info Bank application developed with IBM Lotus Notes technology, which runs on an IBM Domino server. This application contains all the personal information about each and every employee, along with an attendance check-in (marking attendance) option.

Sometimes one user gets another user's complete profile page. It is a very big issue for us.

We have written some custom code for Domino applications to work with CAS-SSO. What it does is get the remote username (the logged-in user's AD name), query the AD LDAP with this username, frame the full name of the user, and create an LTPA token. With this LTPA token, Domino will create a session for the particular user.

So here it might have tried to create the LTPA token with the wrong session, so the LTPA token contains some other user's session.

The custom code is a Java project where we do the LTPA token creation process.
In that code we have added the snippet "this.session = this.request.getSession(false);" to kill the existing session. But it does not seem to be working.

Has anyone faced this kind of issue? Kindly advise me on how to solve this.

I would be thankful for your response.


Thanks & Regards
Chitra

Chitra Thambirajan | Software Engineer
Mob :+91-9003078393
Mail: [email protected] | Web: www.iopex.com
iOPEX technologies
Excellence in OPEX optimization
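
An added illustration, not code from the post or from CAS: one way a user can receive a token built for someone else is per-request data held in fields (like the `this.request` / `this.session` fields in the quoted snippet) of an object that serves concurrent requests. That the poster's class is shared this way is an assumption; `TokenBuilder`, `FieldBuilder`, `LocalBuilder` and the `LTPA(...)` string are hypothetical stand-ins.

```java
public class SharedRequestStateDemo {
    // Hypothetical stand-in for the token step; duringLookup simulates the LDAP round trip.
    interface TokenBuilder { String buildFor(String remoteUser, Runnable duringLookup); }

    // Unsafe pattern: per-request data stored in a field of an object shared by all threads.
    static class FieldBuilder implements TokenBuilder {
        private String user; // one copy for every concurrent request
        public String buildFor(String remoteUser, Runnable duringLookup) {
            this.user = remoteUser;
            duringLookup.run();                // another request may run here
            return "LTPA(" + this.user + ")";  // reads whatever was written last
        }
    }

    // Safe pattern: per-request data stays in parameters and locals, so nothing is shared.
    static class LocalBuilder implements TokenBuilder {
        public String buildFor(String remoteUser, Runnable duringLookup) {
            String user = remoteUser;
            duringLookup.run();
            return "LTPA(" + user + ")";
        }
    }

    // Constructed scenario: while alice's lookup is in flight, bob's request
    // is handled to completion on a second thread by the same shared object.
    static String tokenForAlice(TokenBuilder shared) {
        return shared.buildFor("alice", () -> {
            Thread bob = new Thread(() -> shared.buildFor("bob", () -> { }));
            bob.start();
            try {
                bob.join(); // join makes bob's write visible to alice's thread
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        });
    }

    public static void main(String[] args) {
        System.out.println("field-based: " + tokenForAlice(new FieldBuilder()));
        System.out.println("local-based: " + tokenForAlice(new LocalBuilder()));
    }
}
```

In the Servlet API, `getSession(false)` returns the current session, or null if there is none, without ending it; `HttpSession.invalidate()` is the call that ends a session.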
