Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-121

Web Agent not updating headers when AM Session Attributes are changed




      Changes to AM Session Attributes are not being reflected in the Web Agents headers like the J2EE Agents provide.

      User A logs into through a protected URL … we have a custom auth module that, if the user has multiple account numbers in DB, displays a selection screen with all account numbers

      Once User A selects the account number (eg. Account Number # 1) we store that in an OpenAM Session called CUSTACCT

      The user is redirected to the the protected URL and the WebAgent populates CUST ACCT in the headers, which is accessible to customer’s protected web app

      User A decides they want to look at information from Account Number #2

      They click on a link to our account chooser.jsp (same logic as custom auth module) user selects account # 2 and JSP makes rest call to update openam session

      User A returns to previous page (page is reloaded)

      User A still sees account number # 1 on the page that is reading from the headers

      Currently the webagent removes cached user data (session/policy) on a new NotificationSet from AM with state="destroyed" in it or when cache TTL (set again by AM) times out.

      This is a request to update web agent cache when a new NotificationSet that is not in state="destroyed" but also in state="vaild".

      If a Session based attribute gets changed, the agent should refresh it's cache and update the headers/cookie as seen in the J2EE agent




            mareks Mareks Malnacs
            david.bate David Bate
            2 Vote for this issue
            7 Start watching this issue