[
https://issues.apache.org/jira/browse/GERONIMO-5738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12973516#action_12973516
]
David Jencks commented on GERONIMO-5738:
----------------------------------------
Is this with tomcat, jetty, or both?
> The value of HttpServletRequest.getRemoteUser()&getUserPrincipal() should be
> null after HttpServletRequest.logout() invokes
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: GERONIMO-5738
> URL: https://issues.apache.org/jira/browse/GERONIMO-5738
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 3.0
> Reporter: LiWenQin
> Priority: Minor
> Fix For: 3.0
>
>
> Run the testsuite\javaee6-testsuite\servlet3.0-security-test of G3.0.
> 1 test fails because of the value of
> HttpServletRequest.getRemoteUser()&getUserPrincipal() are NOT null (in fact ,
> values are both "george")after HttpServletRequest.logout() invokes.
> Since the value should be null according to the HttpServletRequest API, it is
> a bug needs to fix on server.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
