[NEXUS-7882] /service/local/authentication/logout should ask the user-agent to delete the session cookie - Sonatype JIRA

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.11.1
Fix Version/s: 3.0.0-m3, 2.11.2
Component/s: Security
Labels:
None

Story Points:
1
Sprint:
Sprint 34, Sprint 35

Description

Currently a request to logout with a valid session cookie, will delete the server side session in Nexus, so that the originally sent session cookie value is no longer valid in the browser.

However the response that comes back should ( but does not ) ask the user-agent to delete/expire the existing session cookie, so that it does not bother trying to send it again.

We should make logout return a Set-Cookie header as expected that forces delete/expiry of the session cookie.

Attachments

Activity

People

Assignee:: Joe Tom

Reporter:: Peter Lynch

Last Updated By:: Peter Lynch

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 01/06/15 07:14 PM

Updated:: 01/22/15 10:48 PM

Resolved:: 01/22/15 10:48 PM

Date of First Response:: 22/Jan/15 9:40 PM