[MAGNOLIA-6476] LogoutFilter continues chaining after sendredirect Created: 29/Dec/15 Updated: 19/May/22 Resolved: 19/May/22 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | None |
| Affects Version/s: | 5.4, 5.4.1, 5.4.2, 5.4.3 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Minor |
| Reporter: | Nickolaus Wing | Assignee: | Unassigned |
| Resolution: | Won't Do | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
| Template: |
|
| Patch included: |
Yes
|
| Acceptance criteria: |
Empty
|
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
| Date of First Response: |
| Description |
|
LogoutFilter.java uses HttpServletResponse.sendRedirect() but then continues chaining filters. This is never a good idea, and indeed leads to 500 errors in several situations when later filters attempt to send redirects or take other actions. It's been particularly troubling for the CAS authentication module, though I was able to work around it. Patch included just stops the chain so that the redirect happens immediately. There's also a useless chain reset in there that I didn't bother to clean out, but it probably should be done. |
| Comments |
| Comment by Roman Kovařík [ 19/May/22 ] |
|
Hello, This ticket is now marked as closed due to one of the following reasons:
If you are still facing a problem or consider this issue still relevant, please feel free to re-open the ticket and we will reach out to you. Thank you, |