• New Feature
  • Status: Open
  • 2 Major
  • Resolution:
  • DSO:L1
  • prodmgmt
  • Reporter: teck
  • May 01, 2008
  • 1
  • Watchers: 2
  • March 19, 2010


From the forums: http://forums.terracotta.org/forums/posts/list/1017.page

The singleSignOn valve depends on the tomcat specific extensions to HttpSession as defined in org.apache.catalina.Session. When terracotta sessions are used, we attempt to provide support for these extensions but we do not cover 100% of the interface. Specifically the tomcat specific session event listeners are essentially no-ops in our implementation (com.tc.tomcat.session.SessionInternal).

The SingleSignOn valve tries to add itself as an event listener which has no effect since addSessionListener() is empty in our implemenation. The net effect of this is that the bookkeeping done in that valve does not know when sessions are invalidated.

The main challenge in getting this working is the lifetime of our SessionInternal instance is only for a single request at the moment. The thing that needs to remember who the listeners are needs to have the same lifecycle as the session object itself.