Ticket #883 (closed task: fixed)
[S] [WG] Logout at remote site doesn't seem to work as expected
Reported by: | lawrence | Owned by: | pjkersha |
---|---|---|---|
Priority: | required | Milestone: | PROD Final |
Component: | security | Version: | |
Keywords: | Cc: |
Description
If I login at BADC, then go to PML, get redirected to WAYF, accept BADC, and get a nice page saying I'm logged in with roles, things are fine (it probably should say where I'm logged in), but then when I try and logout (at PML) nothing obvious happens there ... (i.e all roles etc seem visible).
It would seem however, that I'm still logged in at badc too, but I have lost my cookie from my sandbox ... I think ...
Bottom line: this needs looking into.
Change History
comment:1 Changed 13 years ago by pjkersha
- Status changed from new to closed
- Resolution set to fixed
comment:2 Changed 13 years ago by pjkersha
- Status changed from closed to reopened
- Resolution fixed deleted
Re-opening because it looks like a redirect is needed for the logout controller. This is the scenario:
Login
- browse at NOCS
- go to WAYF and pick BADC
- login at BADC setting security cookie info in BADC domain
- redirected back to NOCS, set security cookie for NOCS domain
Logout
- Session Manager session is deleted and NOCS security cookie info is deleted
- but BADC cookie still remains
The next time you try login the system will think you're session is still active because the stale security cookie remains at BADC. Solution would be to redirect to BADC on login at logout and remove the security details from the BADC cookie.
Fixed in http://proj.badc.rl.ac.uk/ndg/changeset/2991