Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.5.0
    • Fix Version/s: 4.0
    • Component/s: Web
    • Labels:
      None

      Description

      top.jsp in line 22 or so has a Page directive requiring a session.

      <%@ page session="true" %>

      It was suggested that the true is required for Tomcat 5.5, but false is fine for Tomcat 6 (and later?):
      https://github.com/Jasig/cas/commit/24de8c19d2ed3a7aaf490f5db3d0b8f48f7b747a

      Anyone see any reason I can't flip this back to false for a client adopting CAS under Tomcat 7? Troubleshooting a weird bug 1 and one effect of this directive in top.jsp is to make the logout JSP create a new session, which then (here's the weird part) gums up the next login attempt from that browser session within the servlet session duration. Flipping this back to false appears to resolve the bug, though of course I'll also want to follow up on why CAS can't cope with a fresh new session.

      Make the default false again, with the comment suggesting that Tomcat 5.5 adopters make the change.

      See this link for the discussion thread:
      http://jasig.275507.n4.nabble.com/top-jsp-session-true-td4658701.html

        Attachments

          Activity

            People

            • Assignee:
              mmoayyed Misagh Moayyed
              Reporter:
              mmoayyed Misagh Moayyed
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: