Task #3342

closed

SSO tokens are preserved across browser sessions

Added by Guilhem Moulin about 4 years ago. Updated about 4 years ago.

Status: Rejected
Priority: High
Category: Single Sign-On
Target version: -
Start date:
Due date:
% Done: 0%
Tags:

Description

From André Littoz's #3341:

I disconnected from the Discourse session by using the menu command associated with "avatar" at top right of screen (labeled Log Out). I was effectively disconnected but some token (cookie?) remained on my computer.

Next time I logged in, I did not need to enter manually my credentials as the token was automatically used (even if my computer was rebooted to make sure I started afresh).

Cookies set by the Single Sign-On system should be deleted when the current session ends. (I.e., expire and max-age attributes need to be absent in the Set-Cookie header.)
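One way to check login and logout responses against the requirement above, as an added example that is not part of the original ticket or the project's code: a Python classifier for Set-Cookie values. The cookie names and header values are constructed samples, and Max-Age is given precedence over Expires as in RFC 6265.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def classify_set_cookie(value, now=None):
    """Classify one Set-Cookie value as (name, 'session'|'persistent'|'deletion')."""
    now = now or datetime.now(timezone.utc)
    pair, *attrs = [part.strip() for part in value.split(";")]
    name = pair.split("=", 1)[0].strip()
    max_age = expires = None
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "max-age":
            try:
                max_age = int(val)
            except ValueError:
                pass  # an unparsable Max-Age is ignored
        elif key == "expires":
            try:
                expires = parsedate_to_datetime(val)
            except (TypeError, ValueError):
                continue  # an unparsable Expires is ignored as well
            if expires.tzinfo is None:
                expires = expires.replace(tzinfo=timezone.utc)
    if max_age is not None:  # Max-Age wins over Expires (RFC 6265)
        return name, "deletion" if max_age <= 0 else "persistent"
    if expires is not None:
        return name, "deletion" if expires <= now else "persistent"
    return name, "session"  # neither attribute: dropped when the session ends

def persistent_cookies(set_cookie_values, now=None):
    """Names of cookies that would outlive the browser session."""
    classified = (classify_set_cookie(v, now) for v in set_cookie_values)
    return [name for name, kind in classified if kind == "persistent"]

# Constructed sample responses; the cookie names are hypothetical.
LOGIN_RESPONSE = [
    "sso_session=abc123; Path=/; Secure; HttpOnly",
    "sso_token=def456; Path=/; Max-Age=2592000; Secure; HttpOnly",
    "sso_remember=ghi789; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/",
]
LOGOUT_RESPONSE = [
    "sso_token=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/",
    "sso_remember=; Max-Age=0; Path=/",
]

if __name__ == "__main__":
    for header in LOGIN_RESPONSE + LOGOUT_RESPONSE:
        print(classify_set_cookie(header))
```

A logout response that clears a cookie legitimately carries an Expires date in the past or Max-Age=0, so those are reported as deletions rather than as persistent cookies.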
