DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=40775>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40775 [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WORKSFORME | Version|5.5.17 |5.5.20 ------- Additional Comments From [EMAIL PROTECTED] 2007-02-12 07:11 ------- Hi, We have recently upgraded to Tomcat 5.5.20 so I have revisited this bug and noticed an error in my test case. The following steps should be used to reproduce this behavior: 1. Using form auth, log into webapp1 (by attempting to access a protected resource that does not exist) 2. Access a NONprotected resource in webapp2 (in my test I use a call to request.getRemoteUser() in this resource to verify that I am logged in). 3. Invalidating the session from webapp2 does not log you out. As you can see, webapp2 knows about the remoteUser and if you were to attempt to access a protected resource access would be granted. Considering this behavior it appears that you are in fact logged in to webapp2 by logging into webapp1 (as expected). The problem here is that if you are logged in then you should also be able to log out, but this is not possible until you actually access a protected resource. I have verified that this behavior is present in 5.5.20 and have provided test wars. Please have a look. Thanks, Mark -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
