Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-132694

After logout, session exists before processing /home

    Details

      Description

      Steps to reproduce:

      1. Start a portal
      2. Attach a debugger to portal
      3. Set a breakpoint at first line in invokerFilterChain.doFilter(), at condition of ((HttpServletRequest)servletRequest).getRequestURL() != null && !((HttpServletRequest)servletRequest).getRequestURL() .contains("/c")"
      4. Add a watch point: ((HttpServletRequest)servletRequest).getSession(false)
      5. Access portal, for example, at localhost:8080
      6. Verify the watch point is null
      7. Disable the breakpoint, and let go
      8. Login to portal
      9. Enable the breakpoint
      10. Logout from portal

      Expected: watch point is null
      Actual: watch point is not null

      Some findings:
      The log out process:

      1. Portal first process /c/portal/logout, session is invalidated, then sends a response to redirect to /c.
      2. portal receives request of /c, notice with no existing session. During processing /c, a new session is created because of calling httpServletRequest.getSession(), and sends a response to redirect to portal home, /home.
      3. portal receives request of /home with a session that is left over from processing /c.

      Portal first process http://localhost:8080/c/portal/logout, during which the session is invalidated, then sends a direct request to http://localhost:8080/c, see referer_common.jsp

      else if (themeDisplay != null) {
      	referer = themeDisplay.getPathMain();
      }
      else {
      	referer = PortalUtil.getPathMain();
      }
      

      During processing http://localhost:8080/c, the portal go through several filters, including AuditFilter.java, Secure filter.java which creates a new session with httpServeletRequest.getSession() or calls to Portal.getUser() that creates new session.

        Attachments

          Activity

            People

            Assignee:
            tomas.polesovsky Tomáš Polešovský
            Reporter:
            arthur.chen Arthur Chen
            Participants of an Issue:
            Recent user:
            Arthur Chen
            Engineering Assignee:
            Arthur Chen
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              17 weeks, 2 days ago

                Packages

                Version Package