lams-github

Server-side non-current session invalidation does not work well on

clustered WildFly 10. It breaks Infinispan distributed session cache and

makes a logged out user clear LAMS cookies, otherwise he/she gets a

blank screen. See WFLY-7281 and WFLY-7229.

So instead of invalidating a session we mark it for invalidation. The

next time the user tries to use it, the session gets invalidated and the

user gets an error screen (not a very clean solution, but more effective

than another filter which would nicely redirect the user to logout

screen).

This solution seems to work nicely if both browsers interact with the

same node. Since we use distributed session for failover rather than

replication, it should be OK. Show less