Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-9237

AuthenticatedUserThreadLocal does not clear on Logut Action

    • Icon: Suggestion Suggestion
    • Resolution: Fixed
    • 2.6.0
    • None
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      While investigating an issue with show-to macro, and discovering the content that should've been hidden upon logout, it was possibly diagnosed that the AuthenticatedUserThreadLocal does not clear on Logut Action.

      Read http://forums.atlassian.com/thread.jspa?threadID=19229 for more details.

            [CONFSERVER-9237] AuthenticatedUserThreadLocal does not clear on Logut Action

            This issue will be fixed in Confluence 2.6, which is due to be released this week.

            Per Fragemann [Atlassian] added a comment - This issue will be fixed in Confluence 2.6, which is due to be released this week.

            Mathew Lam added a comment -

            Thanks Matthew.
            Where do I check to see if this worked?

            Mathew Lam added a comment - Thanks Matthew. Where do I check to see if this worked?

            Fixed by modifying the ConfluenceAuthenticator to clear the AuthenticatedUserThreadLocal during logout.

            m@ (Inactive) added a comment - Fixed by modifying the ConfluenceAuthenticator to clear the AuthenticatedUserThreadLocal during logout.

            m@ (Inactive) added a comment - - edited

            Reproduction steps:

            1. Install the Visibility Plugin to get the show-to macro.
            2. Modify your main.vmd template and put something like this in it:

            TEST
            $helper.renderConfluenceMacro("{show-to:user=admin}ADMIN ONLY{show-to}")
            END TEST
            

            (I put it just after the displayGlobalMessages line)
            3. Navigate to a space and confirm that the above test information is displayed for admin.
            4. Click the Log Out link.

            The bug is that you will see this "admin only" information on the logout screen.
            Following the link from this page will correctly remove it from any other page.
            Refreshing the logout page will fix the display for the current page.

            I will look at the LogoutAction and see if explicitly clearing the current user fixes the problem.

            m@ (Inactive) added a comment - - edited Reproduction steps: 1. Install the Visibility Plugin to get the show-to macro. 2. Modify your main.vmd template and put something like this in it: TEST $helper.renderConfluenceMacro("{show-to:user=admin}ADMIN ONLY{show-to}") END TEST (I put it just after the displayGlobalMessages line) 3. Navigate to a space and confirm that the above test information is displayed for admin. 4. Click the Log Out link. The bug is that you will see this "admin only" information on the logout screen. Following the link from this page will correctly remove it from any other page. Refreshing the logout page will fix the display for the current page. I will look at the LogoutAction and see if explicitly clearing the current user fixes the problem.

              mjensen m@ (Inactive)
              jlargman Jeremy Largman
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: