top.jsp session=true

Description

top.jsp in line 22 or so has a Page directive requiring a session.

<%@ page session="true" %>

It was suggested that the true is required for Tomcat 5.5, but false is fine for Tomcat 6 (and later?):
https://github.com/Jasig/cas/commit/24de8c19d2ed3a7aaf490f5db3d0b8f48f7b747a

Anyone see any reason I can't flip this back to false for a client adopting CAS under Tomcat 7? Troubleshooting a weird bug [1] and one effect of this directive in top.jsp is to make the logout JSP create a new session, which then (here's the weird part) gums up the next login attempt from that browser session within the servlet session duration. Flipping this back to false appears to resolve the bug, though of course I'll also want to follow up on why CAS can't cope with a fresh new session.

Make the default false again, with the comment suggesting that Tomcat 5.5 adopters make the change.

See this link for the discussion thread:
http://jasig.275507.n4.nabble.com/top-jsp-session-true-td4658701.html

Environment

None

Status

Assignee

Misagh Moayyed

Reporter

Misagh Moayyed

Labels

None

Estimated End Date

None

Audience

None

Components

Fix versions

Affects versions

3.5.0

Priority

Major