Jan Bernhardt created FEDIZ-112:
-----------------------------------

             Summary: Restore Request Race Condition in Tomcat Plugin
                 Key: FEDIZ-112
                 URL: https://issues.apache.org/jira/browse/FEDIZ-112
             Project: CXF-Fediz
          Issue Type: Bug
          Components: Plugin
    Affects Versions: 1.1.2
            Reporter: Jan Bernhardt
            Assignee: Jan Bernhardt
             Fix For: 1.2.0


If an active session at the RP runs into a timeout and the user refreshes this 
page, it sometimes happens that the browser sends two or more requests to the 
web server almost simultaneously because of embedded images in the RP web page. 
The Tomcat plugin only stores the last request for restoration once a valid 
SAML token is presented. In such cases it can happen that the last request is 
not the URL of the web page, but of an image. If the user logs in to the IDP 
and is redirected back to the RP, he/she does not see the web page but a single 
image instead.

By using a unique generated ID from the wctx, each request could be restored 
correctly and individually, thus solving this issue.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
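
The race described in this report, and the per-request lookup keyed by the wctx value that it proposes, shown as an added example that is not code from the Fediz plugin or from the reporter. The class names `SingleSlotStore` and `ContextKeyedStore`, the sample URLs, and the choice of a random UUID as the context ID are assumptions made for illustration; each store models the saved-request state of one RP session.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

public class SavedRequestDemo {

    /** Behaviour described in the report: one slot, so the last request saved wins. */
    static class SingleSlotStore {
        private volatile String savedUrl;
        void save(String url) { savedUrl = url; }
        String restore() { return savedUrl; }
    }

    /** Proposed behaviour: every unauthenticated request is saved under its own ID. */
    static class ContextKeyedStore {
        private final Map<String, String> savedByContext = new ConcurrentHashMap<>();

        /** Saves the URL and returns the ID to send as wctx in the sign-in redirect. */
        String save(String url) {
            String contextId = UUID.randomUUID().toString(); // hypothetical ID scheme
            savedByContext.put(contextId, url);
            return contextId;
        }

        /** One-time lookup: an unknown or already used ID yields null. */
        String restore(String contextId) {
            return contextId == null ? null : savedByContext.remove(contextId);
        }
    }

    public static void main(String[] args) {
        // Constructed sample: page refresh after a session timeout, image request saved last.
        String page = "/app/index.jsp";
        String image = "/app/img/logo.png";

        SingleSlotStore single = new SingleSlotStore();
        single.save(page);
        single.save(image);
        System.out.println("single slot restores:   " + single.restore());

        ContextKeyedStore keyed = new ContextKeyedStore();
        String pageCtx = keyed.save(page);
        keyed.save(image); // gets its own ID and does not overwrite the page entry
        System.out.println("page wctx restores:     " + keyed.restore(pageCtx));
        System.out.println("replayed wctx restores: " + keyed.restore(pageCtx));
        System.out.println("unknown wctx restores:  " + keyed.restore("not-issued"));
    }
}
```

Removing the entry on restore makes each wctx value single-use, and a value the RP never issued resolves to nothing rather than to another request's URL.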
