Logout on windows close never clean user session

XMLWordPrintable

    • Critical
    • IMPORTANT: session id is cleaned now when user is logged out when browser window is closed and new one will be generate on next authentication. Before the fix the old session_id was reused on each authentication of the same user
    • Solves problem where user session was not cleaned up when closing the browser.

      Problem

      When logout on windows close is enabled and user closes or reloads the browser we send request to backend to log-out the user. Since the cookie was unset right after this call, the cookie never reached the backend and basically this left the session still valid in the backend.

      Solution

      Send the cookie as separat parameter and validate and process it on the backend. This should lead to logged out user.

            Assignee:
            Aleksandar Mitrev
            Reporter:
            Aleksandar Mitrev
            Thomas Lauria
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: