wso2 / jaggery

The delicious Javascript framework
Apache License 2.0

Remove session read only attribute on session destroy #190

Open uthaiyashankar opened 5 years ago

uthaiyashankar commented 5 years ago

While testing an issue related to session fixation, we have identified that after invalidating the session it becomes read-only if we have configured "sessionDestroyedListeners" in the jaggery.conf of the application [1]. We have identified that [2] has already removed the read-only property from WebAppManager. Please provide a patch for org.jaggeryjs.jaggery.core 0.12.6 fixing the above issue.

[1] https://github.com/wso2/jaggery/blob/v0.12.6/components/jaggery-core/org.jaggeryjs.jaggery.core/src/main/java/org/jaggeryjs/jaggery/core/listeners/WebAppSessionListener.java#L114

[2] https://github.com/wso2/jaggery/commit/70b7c1de5abe4752b880747a597651b8f551812b

uthaiyashankar commented 5 years ago

Moved from https://wso2.org/jira/projects/JAGGERY/issues/JAGGERY-432