On Fri, Mar 20, 2015 at 05:46:42PM -0400, Christopher Schultz wrote:
>
>On 3/20/15 4:27 PM, Baron Fujimoto wrote:
>> I hope someone may be able to provide some insight or a solution to
>> a problem we encountered after I upgraded from Tomcat 6 to 8. We're
>> using Tomcat as the servlet container for our Shibboleth IdP SSO,
>> which we use to authenticate to Google Apps. Google allows you to
>> configure a URL used for logout. We have this pointed at a
>> logout.jsp page that basically does the following (excerpted code
>> cribbed from the shibboleth-users list):
>> 
>> <https://groups.google.com/forum/#!msg/shibboleth-users/CFkau-FHCsA/yx7KRO9xMCoJ>
>>
>> 
>> ---------------------
>> Cookie c;
>> 
>> c = new Cookie("JSESSIONID", null);
>> c.setPath("/idp");
>> c.setMaxAge(0);
>> response.addCookie(c);
>> 
>> c = new Cookie("_idp_session", null);
>> c.setPath("/idp");
>> c.setMaxAge(0);
>> response.addCookie(c);
>> 
>> session.invalidate();
>> ---------------------
>> 
>> This was working until I upgraded from Tomcat 6 to Tomcat 8. Since
>> then, the cookies no longer seem to get wiped. Users are still
>> logged in if they revisit any of the Google Apps.
>> 
>> Any suggestions or pointers on how to get this working again would 
>> be most appreciated.
>
>Try adding a trailing "/" onto the end of the path:
>
>   c.setPath("/idp/");

Ok, that seems to work. So mahalo for that! But I'd feel a lot better if
I knew *why* that worked, and how I should have been able to figure that
out myself.

What I find even more confusing is that on one system, if I revert to a
version of the script that doesn't add the trailing "/", it still works,
but on another system, if I back out the change, it goes back to being
broken. WAT?

-baron
-- 
Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
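
[Added example, not part of the original thread.] A browser replaces or expires a stored cookie only when name, domain and path are all identical (RFC 6265), so a logout response that names a different Path leaves the session cookie in place. The sketch below models that rule; it assumes the cookies were issued with Path=/idp/, and the class, function and host names are hypothetical.

```javascript
// Minimal model of RFC 6265 cookie storage. Added example with constructed values.
// A stored cookie is identified by (name, domain, path); a Set-Cookie carrying
// Max-Age=0 evicts only the entry whose three fields are identical.
class CookieJar {
  constructor() { this.store = new Map(); }

  // Apply one Set-Cookie header received from `domain`.
  setCookie(domain, header) {
    const [pair, ...attrs] = header.split(";").map((s) => s.trim());
    const eq = pair.indexOf("=");
    const name = pair.slice(0, eq);
    let path = "/"; // simplification: real browsers derive the default from the request URI
    let maxAge = null;
    for (const attr of attrs) {
      const [k, v = ""] = attr.split("=");
      if (k.toLowerCase() === "path" && v.startsWith("/")) path = v;
      if (k.toLowerCase() === "max-age" && /^-?\d+$/.test(v)) maxAge = Number(v);
    }
    const key = [name, domain, path].join("\u0000");
    if (maxAge !== null && maxAge <= 0) this.store.delete(key); // exact match only
    else this.store.set(key, { name, value: pair.slice(eq + 1), domain, path });
  }

  // RFC 6265 section 5.1.4 path-match, used when choosing cookies to send.
  static pathMatches(requestPath, cookiePath) {
    if (requestPath === cookiePath) return true;
    if (!requestPath.startsWith(cookiePath)) return false;
    return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
  }

  cookiesFor(domain, requestPath) {
    return [...this.store.values()]
      .filter((c) => c.domain === domain && CookieJar.pathMatches(requestPath, c.path))
      .map((c) => c.name);
  }
}

// Assumption: the container issued both cookies with Path=/idp/ (trailing slash).
// Returns the cookie names still sent to the IdP after the logout response.
function cookiesLeftAfterLogout(deletePath) {
  const jar = new CookieJar();
  const host = "idp.example.edu"; // placeholder host
  jar.setCookie(host, "JSESSIONID=abc123; Path=/idp/");
  jar.setCookie(host, "_idp_session=def456; Path=/idp/");
  for (const name of ["JSESSIONID", "_idp_session"]) {
    jar.setCookie(host, `${name}=; Path=${deletePath}; Max-Age=0`);
  }
  return jar.cookiesFor(host, "/idp/profile");
}
console.log(cookiesLeftAfterLogout("/idp"), cookiesLeftAfterLogout("/idp/"));
```

To see which Path a deployment actually uses, compare the Set-Cookie header that creates the session with the one sent by the logout page.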
