svn commit: r1732488 - in /tomcat/trunk: java/org/apache/catalina/authenticator/AuthenticatorBase.java webapps/docs/changelog.xml

Fri, 26 Feb 2016 06:31:10 -0800 

Author: markt
Date: Fri Feb 26 14:30:43 2016
New Revision: 1732488

URL: http://svn.apache.org/viewvc?rev=1732488&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59043
Avoid warning while expiring sessions associated with a single sign on if 
HttpServletRequest.logout() is used.

Modified:
    tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1732488&r1=1732487&r2=1732488&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
(original)
+++ tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java 
Fri Feb 26 14:30:43 2016
@@ -912,7 +912,9 @@ public abstract class AuthenticatorBase
         Session session = request.getSessionInternal(false);
 
         if (session != null) {
-            if (changeSessionIdOnAuthentication) {
+            // If the principal is null then this is a logout. No need to 
change
+            // the session ID. See BZ 59043.
+            if (changeSessionIdOnAuthentication && principal != null) {
                 String oldId = null;
                 if (log.isDebugEnabled()) {
                     oldId = session.getId();

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1732488&r1=1732487&r2=1732488&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Feb 26 14:30:43 2016
@@ -116,6 +116,11 @@
         Refactor JAR scanning to reduce memory footprint. (markt)
       </fix>
       <fix>
+        <bug>59043</bug>: Avoid warning while expiring sessions associated with
+        a single sign on if <code>HttpServletRequest.logout()</code> is used.
+        (markt)
+      </fix>
+      <fix>
         <bug>59054</bug>: Ensure that using the
         <code>CrawlerSessionManagerValve</code> in a distributed environment
         does not trigger an error when the Valve registers itself in the



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to