Ticket #764 (closed enhancement: fixed)

Opened 10 months ago

Last modified 8 months ago

Get rid of InitializeSessionOnLoginFilter

Reported by: pradeep Assigned to: jsuttor
Priority: medium Milestone:
Component: ambra Version: 0.8.2-SNAPSHOT
Keywords: cas, authentication Cc:
Blocking: Blocked By:

Description

What this filter is doing is detecting certain authentication state changes and creating a new HttpSession? copy. These can easily be done ins UserAccountsIntercepter? without creating a new HttpSession? and doing the copy. There are no other Servlet Filters in chain before hitting struts. So this should not be a problem.

Dependency Graph

Change History

01/21/08 09:58:25 changed by rich

  • milestone deleted.

03/07/08 16:22:44 changed by jkirton

(In [4935]) Syntax clean up. addresses #764 (Prep for in process fix)

03/10/08 12:00:15 changed by jkirton

  • status changed from new to closed.
  • resolution set to fixed.

(In [4942]) Fixes #764

Thanks to Pradeep's invaluable help and UserAccountsInterceptor? patch, InitializeSessionOnLoginFilter? has been eliminated so we are no longer invalidating http sessions! This is critical as InitializeSessionOnLoginFilter? was responsible for session invalidations essentially for all AJAX requests sending data to the server ultimately as a result of an always null cas pgt_iou token. Also, per r3920, InitializeSessionOnLoginFilters? should have been removed then.

03/11/08 10:29:03 changed by jkirton

(In [4952]) addresses #764 Added re-entrancy check for the UserAccountsInterceptor? which is necessary because of action chaining where in such cases the user-id will be treated as the auth-id. Pradeep advised me of this and so made the necessary changes.

04/02/08 11:49:21 changed by alex

(In [5256]) Merged revisions 4935 via svnmerge from http://gandalf.topazproject.org/svn/branches/0.8.2.2

........

r4935 | jkirton | 2008-03-07 16:22:43 -0800 (Fri, 07 Mar 2008) | 2 lines

Syntax clean up. addresses #764 (Prep for in process fix)

........

04/03/08 19:03:14 changed by alex

(In [5353]) Merged revisions 4942 via svnmerge from http://gandalf.topazproject.org/svn/branches/0.8.2.2

........

r4942 | jkirton | 2008-03-10 12:00:15 -0700 (Mon, 10 Mar 2008) | 5 lines

Fixes #764

Thanks to Pradeep's invaluable help and UserAccountsInterceptor? patch, InitializeSessionOnLoginFilter? has been eliminated so we are no longer invalidating http sessions! This is critical as InitializeSessionOnLoginFilter? was responsible for session invalidations essentially for all AJAX requests sending data to the server ultimately as a result of an always null cas pgt_iou token. Also, per r3920, InitializeSessionOnLoginFilters? should have been removed then.

........

04/03/08 19:08:26 changed by alex

(In [5354]) Merged revisions 4952 via svnmerge from http://gandalf.topazproject.org/svn/branches/0.8.2.2

........

r4952 | jkirton | 2008-03-11 10:29:03 -0700 (Tue, 11 Mar 2008) | 4 lines

addresses #764 Added re-entrancy check for the UserAccountsInterceptor? which is necessary because of action chaining where in such cases the user-id will be treated as the auth-id. Pradeep advised me of this and so made the necessary changes.

........