  1. OpenAM
  2. OPENAM-8077

XUI does not overwrite stateless session on session upgrade

    Details

      Description

      After upgrading a stateless session, a new cookie is returned to the user's browser containing the details of the upgraded session. The XUI currently does not overwrite its existing cookie with this new one, meaning the session upgrade never propagates back to the client (and is therefore 'lost' as the server retains no state).

      Steps to reproduce:

      i) Activate stateless sessions
      ii) Create an anonymous auth module, called anonymous
      iii) Log in with the anonymous auth module, &module=anonymous
      iv) Without logging out, log in with &service=ldapService as demo user

      You should see: The demo user's account page
      You do see: The anonymous user's account page

      Upon checking the state of the browser's cookies, the client still has the anonymous user's cookie rather than the newly-generated demo user's.

      The classic UI works correctly, and displays the anonymous user's account page.
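
The reproduction steps above, modelled as an added example (not code from this issue, OpenAM or the XUI): a client that keeps its existing cookie versus one that overwrites it, against a server that holds no session state. The `server` and `makeClient` objects and the unsigned token format are assumptions made for illustration; `iPlanetDirectoryPro` is OpenAM's default session cookie name and does not appear in the report.

```javascript
// Added illustration; not OpenAM or XUI source code.
// Stateless model: the server keeps no session table, so the token held in
// the cookie is the only record of who is logged in. A real stateless token
// is signed; the signature is left out here to keep the model short.
const COOKIE = 'iPlanetDirectoryPro'; // OpenAM default cookie name (assumed)

const encode = (claims) => Buffer.from(JSON.stringify(claims)).toString('base64');
const decode = (token) => JSON.parse(Buffer.from(token, 'base64').toString('utf8'));

// Hypothetical server: every successful authentication, including a session
// upgrade, answers with a fresh token in a Set-Cookie.
const server = {
  authenticate(user, via) {
    return { setCookie: { name: COOKIE, value: encode({ user, via }) } };
  },
  // Identity is derived from the presented cookie and nothing else.
  whoAmI(token) {
    return decode(token).user;
  },
};

// Hypothetical client with two policies for the Set-Cookie it receives.
function makeClient(overwriteExisting) {
  const jar = new Map();
  return {
    login(user, via) {
      const { setCookie } = server.authenticate(user, via);
      // Keeping an existing cookie discards the upgraded session.
      if (overwriteExisting || !jar.has(setCookie.name)) {
        jar.set(setCookie.name, setCookie.value);
      }
    },
    accountPage() {
      return server.whoAmI(jar.get(COOKIE));
    },
  };
}

// Steps iii and iv from the report, with no logout in between.
function reproduce(overwriteExisting) {
  const client = makeClient(overwriteExisting);
  client.login('anonymous', 'module=anonymous');
  client.login('demo', 'service=ldapService');
  return client.accountPage();
}

console.log('client keeps old cookie  ->', reproduce(false));
console.log('client overwrites cookie ->', reproduce(true));
```

Because the server has nothing to fall back on, a regression test for this issue only needs to compare the cookie value stored after step iv with the value sent in the upgrade response.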

              People

              • Assignee:
                Unassigned
                Reporter:
                david.luna@forgerock.com David Luna