Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-132694

After logout, session exists before processing /home



      Steps to reproduce:

      1. Start a portal
      2. Attach a debugger to portal
      3. Set a breakpoint at first line in invokerFilterChain.doFilter(), at condition of ((HttpServletRequest)servletRequest).getRequestURL() != null && !((HttpServletRequest)servletRequest).getRequestURL() .contains("/c")"
      4. Add a watch point: ((HttpServletRequest)servletRequest).getSession(false)
      5. Access portal, for example, at localhost:8080
      6. Verify the watch point is null
      7. Disable the breakpoint, and let go
      8. Login to portal
      9. Enable the breakpoint
      10. Logout from portal

      Expected: watch point is null
      Actual: watch point is not null

      Some findings:
      The log out process:

      1. Portal first process /c/portal/logout, session is invalidated, then sends a response to redirect to /c.
      2. portal receives request of /c, notice with no existing session. During processing /c, a new session is created because of calling httpServletRequest.getSession(), and sends a response to redirect to portal home, /home.
      3. portal receives request of /home with a session that is left over from processing /c.

      Portal first process http://localhost:8080/c/portal/logout, during which the session is invalidated, then sends a direct request to http://localhost:8080/c, see referer_common.jsp

      else if (themeDisplay != null) {
      	referer = themeDisplay.getPathMain();
      else {
      	referer = PortalUtil.getPathMain();

      During processing http://localhost:8080/c, the portal go through several filters, including AuditFilter.java, Secure filter.java which creates a new session with httpServeletRequest.getSession() or calls to Portal.getUser() that creates new session.




            tomas.polesovsky Tomáš Polešovský
            arthur.chen Arthur Chen
            Kiyoshi Lee Kiyoshi Lee
            Arthur Chen Arthur Chen
            0 Vote for this issue
            0 Start watching this issue


              1 year, 19 weeks ago


                Version Package