Graceful Shutdown Does Not Block New Sessions If You Access Secured Web Resouces
Last updated on APRIL 14, 2018
Applies to:Oracle Weblogic Server - Version 10.3.4 to 10.3.6
Information in this document applies to any platform.
When WLS server is in suspending mode, a call to a page protected by form authentication will still allow for session creation.
This issue can be replicated using 2 war files deployed on the same server.
- Create and deploy a simple web app which contains a simple JSP page. (Application 1)
- Create and deploy a web app with a JSP page protected by form authentication. (Application 2)
- Access Application 1 JSP page so that an HTTP session is established on Application 1
- Graceful shutdown WLS server, so the server state changes from running to suspending
- Access protected JSP (Application 2)
- If you are allowed(which should not happne) to login the protected JSP, then this bug is hit.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms