Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: 6.3.0
Affects Version/s: 6.2.33
Labels:
None

Template:
Acceptance criteria:

Empty

show more show less
Release notes required:

Yes
Epic Link:
SSO maintenance

Since ADMINCTR-450, we invalidate the HttpSession too eagerly, thus killing other/external logout logic that happens downstream from VaadinSession destroy, such as SSOs' logout filter: we use Pac4j's SessionStore (info in the http-session) to track the web session and interaction with the IdP.

Desired behavior:

let a Vaadin session timeout kill itself
if it's the last/only Vaadin session alive within the HTTP session, trigger http session expiry
but do that via redirect, not via session#invalidate (not to harm SSO's session-tracking)

Acceptance criteria

causes

MGNLSSO-308 Logout no longer works - Improve integration tests

Closed

clones

ADMINCTR-478 Logout from external IdPs no longer works

Closed

depends upon

MAGNOLIA-9090 Add option to trigger logout logic, post-request handling

Closed

MAGNOLIA-9091 Add option to trigger logout logic, post-request handling (Magnolia 6.3)

Closed

Assignee:: Mikaël Geljić

Reporter:: Mikaël Geljić

Team:: AdminX

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 18/Sep/23 6:18 PM

Updated:: 29/Sep/23 12:25 PM

Resolved:: 20/Sep/23 8:11 AM

Work Started:: 18/Sep/23 6:18 PM

Details

Description

Checklists

Attachments

Issue Links

Activity

People

Dates