0 Replies Latest reply on Feb 3, 2016 5:36 AM by marcial.atienzar

    Wildfly 10 and shared-session-config

    marcial.atienzar

      Hello,

       

      I'm testing how wildfly 10 manage shared-session-config. I've an EAR with this config on jboss-all.xml

       

       

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss umlns="urn:jboss:1.0">
          <shared-session-config xmlns="urn:jboss:shared-session-config:1.0">
              <session-config>
                  <session-timeout>5</session-timeout>
                  <cookie-config>
                      <path>/</path>
                      <name>SESSIONID</name>
                      <http-only>true</http-only>
                  </cookie-config>
              </session-config>
          </shared-session-config>
      </jboss>
      

       

      I open a browser and login to the app. After that I close the browser.

       

      After 5 minutes I can see launching this command on jboss-cli.sh:

      /deployment=portal.ear/subdeployment=kyrian-war.war/subsystem=undertow:read-attribute(name=active-sessions)
      

       

      That I've 1 active session. And launching this command:

      /subsystem=security/security-domain=kyrianAuthRealm:list-cached-principals
      
      

       

      I see the user connected.

       

      After 30 minutes, I see that:

      1. I've 0 active sessions
      2. list-cached-principals command continue showing the user connected

       

      I've activate SSO between webapps on standalone-full.xml with this:

      <server name="default-server">
                      <http-listener name="default" max-post-size="100000000" socket-binding="http" redirect-socket="https"/>
                      <host name="default-host" alias="localhost">
                          <location name="/" handler="welcome-content"/>
                          <single-sign-on cookie-name="SESSIONSSO" http-only="true"/>
                      </host>
      </server>
      

       

       

      Is this a expected behaviour? or I'm doing something wrong?

       

      May I need to fill a ticket?

       

      To solve this behaviour, I've created a servlet listener, that on session destroyed I'm flussing realm credentials with this code:

      ObjectName jaasMgr = new ObjectName("jboss.as:subsystem=security,security-domain=kyrianAuthRealm");
      MBeanServer server = (MBeanServer)MBeanServerFactory.findMBeanServer((String)null).get(0);
      server.invoke(jaasMgr, "flushCache", new Object[]{userId}, new String[]{"java.lang.String"});
      

       

      Lot of thanks,

       

           Marcial