LDEV-4293 Tune session log out Make sure mapping login->session is cleared in certain situations. Check if a session already exists for the given login. If so, invalidate one of the sessions.
LDEV-4293 Rewrite session invalidation mechanism Server-side non-current session invalidation does not work well on clustered WildFly 10. It breaks Infinispan distributed session cache and makes a logged out user clear LAMS cookies, otherwise he/she gets a blank screen. See WFLY-7281 and WFLY-7229. So instead of invalidating a session we mark it for invalidation. The next time the user tries to use it, the session gets invalidated and the user gets an error screen (not a very clean solution, but more effective than another filter which would nicely redirect the user to logout screen). This solution seems to work nicely if both browsers interact with the same node. Since we use distributed session for failover rather than replication, it should be OK.
Loading ...