locked
[Java] Is azure keeping a session when connection is made using management certificate(keystore file) by java sdk API? RRS feed

  • Question

  • I am developing a web application which is similar to azure portal. User has to give subscription ID and keystore file password at login time.
    What I observed is If I give correct keystore password and subscription ID for login and do a sign out and again login with incorrect password of keystore file then its not  considering the second time given password. Somehow it remembers the last credentials itself. But for a wrong subscription ID it complains every time. 

    Do I need to make some call to azure at sign out time to clear existing session so that  every time I got error in case of incorrect login credentials.

    Thanks.


    Wednesday, October 7, 2015 11:00 AM

Answers

  • Hi,

    From my experience, we need to provide the keystore password to process a http request, if give incorrect password, I don't think we can still process the request. As my first reply, I would suggest you check your code to see whether this keystore password is correct. If your application has more than one instance, please ensure enable HTTP session affinity, if you not do this, you may get the previous session.

    Best Regards,

    Jambor


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Friday, October 9, 2015 5:18 AM

All replies

  • Hi,

     Are you using Azure Web Apps (Websites) or Cloud services (Web and Worker Roles) to host your Web Application ?
     You might want to post your question at the Azure WebApps forums if you are using that service, so that you can get a better audience.
     
     I would also suggest you go through the following StackOverFlow article that discusses similar question.
     http://stackoverflow.com/questions/4505454/how-to-expire-session-in-java
     http://stackoverflow.com/questions/13707225/kill-session-and-redirect-to-login-page-on-click-of-logout-button
     
    Regards,
    Nithin Rathnakar

    Wednesday, October 7, 2015 6:50 PM
  • Hi,

    In my opinion, we need to set breakpoint to ensure we get the keystore password is what we expect, if you read it from the session, however this session has some issues, I think we have to clear the existing session and create a new one.

    In addition, if your web application is host in azure cloud service, please enable HTTP session affinity, or “sticky sessions”, for your roles, Once enabled, if you have more than one role instance, HTTP requests coming from a particular client will continue being handled by the same role instance. Refer to https://msdn.microsoft.com/library/azure/hh690950.aspx?f=255&MSPPError=-2147217396 for more details,

    Best Regards,

    Jambor


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    Thursday, October 8, 2015 2:30 AM
  • Hi Nitin,
    Thanks for your reply.
    I am using developer service(Azure Service Management, java), connecting to my azure subscription using subscription id and keystore file through azure java sdk. I am always doing session invalidation at logout time but still it remembers the previous given keystore file password. 
    Thursday, October 8, 2015 2:27 PM
  • Hi Jambor,
    Thanks for your reply.
    Subscription Id, keystore file path/password are given by user every time for login. And I always do session invalidation at logout time so that a fresh session initiate at next login but still it remembers the previous given keystore file password. 

    I guess azure remembers my first given credentials somehow for a given subscription ID and use it for every subsequent time. And I think there should be a call in java sdk to tell them to clear last given password so that user has to give correct keystore file password every time to connect to azure subscription.

    Thursday, October 8, 2015 2:45 PM
  • Hi,

    From my experience, we need to provide the keystore password to process a http request, if give incorrect password, I don't think we can still process the request. As my first reply, I would suggest you check your code to see whether this keystore password is correct. If your application has more than one instance, please ensure enable HTTP session affinity, if you not do this, you may get the previous session.

    Best Regards,

    Jambor


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Friday, October 9, 2015 5:18 AM