Details
-
Bug
-
Resolution: Fixed
-
Major
-
1.32.1
-
Unknown
-
Description
The current XWiki HTTP session is not destroyed on logout. Only the OIDC provider Logout is called.
The user could visit the XWiki again and still be logged in.
Pull request: Security Fix: Destroy current session when logging out. by ndecker · Pull Request #15 · xwiki-contrib/oidc (github.com)