Graceful Shutdown Does Not Block New Sessions If You Access Secured Web Resouces
(Doc ID 1390997.1)
Last updated on SEPTEMBER 09, 2021
Applies to:Oracle WebLogic Server - Version 10.3.4 to 10.3.6
Information in this document applies to any platform.
When WLS server is in suspending mode, a call to a page protected by form authentication will still allow for session creation.
This issue can be replicated using 2 war files deployed on the same server.
- Create and deploy a simple web app which contains a simple JSP page. (Application 1)
- Create and deploy a web app with a JSP page protected by form authentication. (Application 2)
- Access Application 1 JSP page so that an HTTP session is established on Application 1
- Graceful shutdown WLS server, so the server state changes from running to suspending
- Access protected JSP (Application 2)
- If you are allowed(which should not happne) to login the protected JSP, then this bug is hit.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document