Wildfly 10 and shared-session-config
marcial.atienzar Feb 3, 2016 5:36 AMHello,
I'm testing how wildfly 10 manage shared-session-config. I've an EAR with this config on jboss-all.xml
<?xml version="1.0" encoding="UTF-8"?> <jboss umlns="urn:jboss:1.0"> <shared-session-config xmlns="urn:jboss:shared-session-config:1.0"> <session-config> <session-timeout>5</session-timeout> <cookie-config> <path>/</path> <name>SESSIONID</name> <http-only>true</http-only> </cookie-config> </session-config> </shared-session-config> </jboss>
I open a browser and login to the app. After that I close the browser.
After 5 minutes I can see launching this command on jboss-cli.sh:
/deployment=portal.ear/subdeployment=kyrian-war.war/subsystem=undertow:read-attribute(name=active-sessions)
That I've 1 active session. And launching this command:
/subsystem=security/security-domain=kyrianAuthRealm:list-cached-principals
I see the user connected.
After 30 minutes, I see that:
- I've 0 active sessions
- list-cached-principals command continue showing the user connected
I've activate SSO between webapps on standalone-full.xml with this:
<server name="default-server"> <http-listener name="default" max-post-size="100000000" socket-binding="http" redirect-socket="https"/> <host name="default-host" alias="localhost"> <location name="/" handler="welcome-content"/> <single-sign-on cookie-name="SESSIONSSO" http-only="true"/> </host> </server>
Is this a expected behaviour? or I'm doing something wrong?
May I need to fill a ticket?
To solve this behaviour, I've created a servlet listener, that on session destroyed I'm flussing realm credentials with this code:
ObjectName jaasMgr = new ObjectName("jboss.as:subsystem=security,security-domain=kyrianAuthRealm"); MBeanServer server = (MBeanServer)MBeanServerFactory.findMBeanServer((String)null).get(0); server.invoke(jaasMgr, "flushCache", new Object[]{userId}, new String[]{"java.lang.String"});
Lot of thanks,
Marcial