OpenId Connect / OIDC-128

User session is not destroyed when logging out

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 2.4.0
    • 1.32.1
    • Authenticator
    • Unknown

    Description

      The current XWiki HTTP session is not destroyed on logout. Only the OIDC provider Logout is called.
      The user could visit the XWiki again and still be logged in.

      Pull request: "Security Fix: Destroy current session when logging out." by ndecker (Pull Request #15, xwiki-contrib/oidc, github.com)

          People

            tmortagne Thomas Mortagne
            n.decker@ndr.de Nils Decker