https://bz.apache.org/bugzilla/show_bug.cgi?id=57865
Alessandro Trolli <alessandro.tro...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|INVALID |---
--- Comment #10 from Alessandro Trolli <alessandro.tro...@gmail.com> ---
given provided web app and configuration files
steps to reproduce in 7.0.61 are:
* deploy the webapp twice in different contexts (e.g. /sso1 and /sso2)
* open http://localhost:8080/sso1/: it redirects to login form
* log in as tomcat user
* open http://localhost:8080/sso2/: user gets automatically authenticated
through sso feature
* click on logout on any of the two sessions
* user gets immediately reauthenticated because ssoid hasn't been deregistered
same steps in 7.0.59 allow the user to logout from both contexts
I've seen that code has changed again to accomodate
https://issues.apache.org/bugzilla/show_bug.cgi?id=57338
I haven't tested on trunk
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
