Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-7882

/service/local/authentication/logout should ask the user-agent to delete the session cookie

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.11.1
    • Fix Version/s: 3.0.0-m3, 2.11.2
    • Component/s: Security
    • Labels:
      None
    • Story Points:
      1
    • Sprint:
      Sprint 34, Sprint 35

      Description

      Currently a request to logout with a valid session cookie, will delete the server side session in Nexus, so that the originally sent session cookie value is no longer valid in the browser.

      However the response that comes back should ( but does not ) ask the user-agent to delete/expire the existing session cookie, so that it does not bother trying to send it again.

      We should make logout return a Set-Cookie header as expected that forces delete/expiry of the session cookie.

        Attachments

          Activity

            People

            Assignee:
            jtom Joe Tom
            Reporter:
            plynch Peter Lynch
            Last Updated By:
            Peter Lynch Peter Lynch
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title