Skip to main content

Glassfish-3.0.1 mixing user sessions - SSO

Please note these java.net forums are being decommissioned and use the new and improved forums at https://community.oracle.com/community/java.
No replies
mduffour
Offline
Joined: 2014-05-27

Hi, we are experiencing a strange behaviour, we have an application (jsf 2.2.4 embedded) that has a login form, glassfish has SSO enabled and a custom realm (LDAP). We have also several applications (some with jsf 2.2.4 embedded, others using jsf implementation of glassfish) that are linked by the application that contains the login form.

For some reason when glassfish has created 300 - 400 sessions approximately or cpu is at high rate or maybe at some random moment, and we navigate from the main application to the others and then return to the main application, at some point glassfish changes the jsessionidsso cookie, assigning a new one. The thing is that sometimes that cookie represents the session of another user, so thats where we have a session mix and can see the information of another user.

We are running Glassfish-3.0.1 on a Centos-6.5, no proxy.

We have already tried updating weld following this guide http://www.andygibson.net/blog/quickbyte/updating-weld-in-glassfish-v3/ but we are currently experiencing the same behaviour.

Can someone point us to the right direction? What could it be?

Thanks so much! Regards, Mateo.