[Read Only] - Hippo Site Toolkit 2 / HSTTWO-4615

Cleanup code in HST that assumes that a channel mgr site http session can 'survive' a cms logout


    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 13.3.0
    • Component/s: None
    • Labels:
      None
    • Processed by team:
      Pulsar
    • Sprint:
      Platform 211 Eng OKRs

      Description

      In CMS-11985 we have made sure that after cms logout, the http sessions of site webapps are always invalidated as well if the site was accessed via the channel mgr.

      The HST CmsSSOAuthenticationHandler, however, still contains code that takes care of the old use case where one would log out from the cms webapp but keep its site webapp http session. This is not possible any more since CMS-11985, so the code below can be replaced by just HttpSession httpSession = containerRequest.getSession();

              HttpSession httpSession = containerRequest.getSession(false);
      
              // if the (HST) http session already exists, it might be because the user logged out from cms and logged in with
              // different user or logged in with same user again but the authorization rules for example changed (that is
              // why the user for example logged out and in). However, now it can happen that we have stale jcr sessions
              // still on the HttpSessionBoundJcrSessionHolder attribute of the HST http session. We need to clear these
              // now actively
              if (httpSession != null) {
                  HttpSessionBoundJcrSessionHolder.clearAllBoundJcrSessions(HTTP_SESSION_ATTRIBUTE_NAME_PREFIX_CMS_PREVIEW_SESSION, httpSession);
              } else {
                  httpSession = containerRequest.getSession(true);
              }
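
An added example, not HST code and not part of the original issue: one way to make sure JCR sessions bound to an http session cannot outlive it is to keep them in an attribute that implements HttpSessionBindingListener, so the invalidation triggered by cms logout also logs them out. The class name BoundJcrSessions, the attribute name and the use of the javax.servlet and javax.jcr packages are assumptions.

```java
import javax.jcr.Session;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical holder for illustration; not HST's HttpSessionBoundJcrSessionHolder. */
public class BoundJcrSessions implements HttpSessionBindingListener {

    // Assumed attribute name, chosen for this example only.
    static final String ATTR = "example.boundJcrSessions";

    private final Map<String, Session> sessions = new ConcurrentHashMap<>();

    /** Returns the holder bound to this http session, binding a new one on first use. */
    public static BoundJcrSessions of(HttpSession httpSession) {
        BoundJcrSessions holder = (BoundJcrSessions) httpSession.getAttribute(ATTR);
        if (holder == null) {
            holder = new BoundJcrSessions();
            httpSession.setAttribute(ATTR, holder);
        }
        return holder;
    }

    /** Stores a JCR session under key and logs out the one it replaces, if any. */
    public void put(String key, Session jcrSession) {
        Session previous = sessions.put(key, jcrSession);
        if (previous != jcrSession) {
            logoutQuietly(previous);
        }
    }

    /** Returns the live JCR session for key, or null when none is usable. */
    public Session get(String key) {
        Session s = sessions.get(key);
        return (s != null && s.isLive()) ? s : null;
    }

    @Override
    public void valueBound(HttpSessionBindingEvent event) {
        // Nothing to do when the holder is attached to the http session.
    }

    /** Runs when the attribute is removed or the http session is invalidated. */
    @Override
    public void valueUnbound(HttpSessionBindingEvent event) {
        sessions.values().forEach(BoundJcrSessions::logoutQuietly);
        sessions.clear();
    }

    private static void logoutQuietly(Session s) {
        if (s != null && s.isLive()) {
            s.logout();
        }
    }
}
```

With a holder like this, a login handler can call getSession() unconditionally: a session created after logout carries no attributes, and the JCR sessions of the invalidated one were logged out in valueUnbound.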
      
      

              People

              • Assignee:
                Unassigned
                Reporter:
                aschrijvers Ard Schrijvers