Hi Josh,
Thanks, so I presume we also want something like:

    HttpServletRequest serveletRequest = (HttpServletRequest) request;
    if (HttpServletRequest.DIGEST_AUTH.equals(serveletRequest.getAuthType())) {
        serveletRequest.getSession().invalidate();
    }

In the servlet where we do this...
David
Yes. In addition to setting a timeout on sessions, I recommend
invalidating any session from a request containing a
"X-REQUESTED-AUTH: Digest" header.
Josh
On Oct 3, 2011, at 11:38 PM, David Horwitz wrote:
> Thanks Josh and Chris,
>
> I have jira'ed this as:
>
> http://opencast.jira.com/browse/MH-8205
>
> Seeing others are affected I would suggest this is considered a
> blocker for the upcoming 1.3 release. Josh, am I correct in
> reading that patching any of the servlet filters would fix this for
> all sessions?
>
> Regards
>
> David
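The per-request session cleanup discussed in this thread, written as a servlet filter. This is an added example, not code from the thread or from the Matterhorn code base; the class name DigestSessionCleanupFilter is hypothetical, and the javax.servlet API is assumed to be on the classpath. It checks both the "X-Requested-Auth: Digest" header Josh names and the getAuthType() value David's snippet uses.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical filter: drops the session of any digest-authenticated request. */
public class DigestSessionCleanupFilter implements Filter {

  // Header name and value as quoted in the thread (header names are case-insensitive).
  static final String REQUESTED_AUTH_HEADER = "X-Requested-Auth";
  static final String DIGEST = "Digest";

  public void init(FilterConfig config) throws ServletException { }

  public void destroy() { }

  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    try {
      // Let the request run first; the session is only removed afterwards.
      chain.doFilter(request, response);
    } finally {
      if (request instanceof HttpServletRequest && isDigestRequest((HttpServletRequest) request)) {
        // getSession(false): do not create a session just to invalidate it.
        HttpSession session = ((HttpServletRequest) request).getSession(false);
        if (session != null) {
          try {
            session.invalidate();
          } catch (IllegalStateException alreadyInvalidated) {
            // Another component invalidated it during the request; nothing left to do.
          }
        }
      }
    }
  }

  /** True if the client asked for digest auth or the container reports it. */
  static boolean isDigestRequest(HttpServletRequest request) {
    String requested = request.getHeader(REQUESTED_AUTH_HEADER);
    return (requested != null && DIGEST.equalsIgnoreCase(requested.trim()))
        || HttpServletRequest.DIGEST_AUTH.equals(request.getAuthType());
  }
}
```

The cleanup sits in a finally block so the session is also dropped when the downstream handler throws.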