1 Reply Latest reply on Jan 18, 2019 2:35 AM by Martin Choma

    Wildfly 10, single sign on, logout issue

    Cory Dahlstrom Novice

      Morning,

       

      We have an application deployed as an EAR file with 2 WAR files.  We have turned on "single-sign-on" in the undertow subsystem for Wildfly 10.

       

      When a user has logged into the application and has hit links from both WARs they have 3 session cookies assigned to them, one for each WAR and JSESSIONIDSSO. 

       

      When we go to logout, we invalidate one of the sessions from one of the WARs (with have tried both).  The issue we are seeing is the session logout is not propagating to the other WAR session which seems to stay active forever.  We have some events that get called when a session is destroyed and those are not getting called for the session that we didn't explicitly invalidate.

       

      This seems to be a bug potentially related to this:  [WFLY-5546] The flushOnSessionInvalidation is not parsed correctly from jboss-web.xml - JBoss Issue Tracker   but I'm not sure.

       

      Does anyone know of a work around for this?

       

      Thanks,

       

      Cory.