geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-5738) The value of HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null after HttpServletRequest.logout() invokes
Date Tue, 21 Dec 2010 08:48:01 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-5738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12973516#action_12973516
] 

David Jencks commented on GERONIMO-5738:
----------------------------------------

Is this with tomcat, jetty, or both?

> The value of HttpServletRequest.getRemoteUser()&getUserPrincipal() should be null
after HttpServletRequest.logout() invokes
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: GERONIMO-5738
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5738
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 3.0
>            Reporter: LiWenQin
>            Priority: Minor
>             Fix For: 3.0
>
>
> Run the testsuite\javaee6-testsuite\servlet3.0-security-test of G3.0.
> 1 test fails because of the value of HttpServletRequest.getRemoteUser()&getUserPrincipal()
are NOT null (in fact , values are both "george")after HttpServletRequest.logout() invokes.
> Since the value should be null according to the HttpServletRequest API, it is a bug needs
to fix on server.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message