[SLING-2391] Make sure the impersonation cookie is cleared on logout - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Auth Core 1.0.6
Fix Version/s: Auth Core 1.1.0
Component/s: Authentication
Labels:
None

Description

On logout the impersonation cookie is not currently cleared. This causes impersonation to remain active even for the next login.

This may be a security problem as well as preventing the user to not be able to work on the instance if trying to log in with a user not able to impersonate.

Attachments

Activity

People

Assignee:: Felix Meschberger

Reporter:: Felix Meschberger

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 30/Jan/12 11:50

Updated:: 30/Nov/12 17:56

Resolved:: 30/Jan/12 11:53