[SHIRO-595] Allow for POST only logout requests - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.4.0-RC2
Component/s: None
Labels:
None

Description

See:
http://stackoverflow.com/questions/3521290/logout-get-or-post

A logout causes a change of state, so should NOT be a GET.

Also, due to browser pre-fetching, a typing http://localhost:8080/log may cause a prefetch to /logout

To stay backwards compatible, this need to be an op-in feature.

The proposed solution set a shiro.postOnlyLogout = true attribute, (same as logout.postOnlyLogout = true)

Attachments

Activity

People

Assignee:: Brian Demers

Reporter:: Brian Demers

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21/Oct/16 14:15

Updated:: 21/Oct/16 14:55

Resolved:: 21/Oct/16 14:55