Issue #6685: logout does not work properly - freeipa

freeipa

#6685 logout does not work properly

Closed: Fixed None Opened 7 years ago by simo.

Once you authenticate, clicking on the logout button redirects you back to the authentication page however it does not cause the session cookie to be deleted as it should.

To avoid browser issues like this, we should probably find a way to blacklist session cookies for sessions where an explicit logout was called, and simply refuse service if such session is revived.

This will also prevents access if a session cookie was stolen.

mbabinsk commented 7 years ago

master:

908d2ea Fix session logout

Metadata Update from @simo:
- Issue assigned to simo
- Issue set to the milestone: FreeIPA 4.5

7 years ago

Metadata

Assignee

simo

Tags

None

Blocking

None

Depending on

None

Priority

critical

Milestone

FreeIPA 4.5

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

https://github.com/freeipa/freeipa/pull/485

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

tester

None

changelog

None

design

None

freeipa

Source Code

#6685 logout does not work properly Closed: Fixed None Opened 7 years ago by simo.

Metadata

#6685 logout does not work properly

Closed: Fixed None Opened 7 years ago by simo.