Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-7882

/service/local/authentication/logout should ask the user-agent to delete the session cookie

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 3.0.0-m3, 2.11.2
    • 2.11.1
    • Security
    • None
    • 1
    • Sprint 34, Sprint 35

    Description

      Currently a request to logout with a valid session cookie, will delete the server side session in Nexus, so that the originally sent session cookie value is no longer valid in the browser.

      However the response that comes back should ( but does not ) ask the user-agent to delete/expire the existing session cookie, so that it does not bother trying to send it again.

      We should make logout return a Set-Cookie header as expected that forces delete/expiry of the session cookie.

      Attachments

        Activity

          People

            jtom Joe Tom
            plynch Peter Lynch
            Peter Lynch Peter Lynch
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              tigCommentSecurity.panel-title