-
Bug
-
Resolution: Fixed
-
Major
-
None
-
None
-
None
Due to changes in AdmincentralServlet in Magnolia 6.2.38, logout no longer works, IdP session is never terminated.
This is because the HttpSession is invalidated too eagerly, and thus kills Pac4j's session-tracking.
—
The issue will be resolved by ADMINCTR-478 and MAGNOLIA-9090.
Some dev notes and action should be taken in the scope of this ticket:
- Add the logout scenario on SSO integration test for both branches v3.1 and v4.0.0
- Consider to re-add `request.getSession().invalidate();` back to SsoLogoutFilter which is removed by this commit
if (request.getSession(false) != null) { log.info("Invalidating HttpSession {}", request.getSession()); request.getSession().invalidate(); }
- is caused by
-
ADMINCTR-478 Logout from external IdPs no longer works
- Closed
-
ADMINCTR-479 Logout from external IdPs no longer works (Magnolia 6.3)
- Closed
- relates to
-
MAGNOLIA-9090 Add option to trigger logout logic, post-request handling
- Closed
-
MAGNOLIA-9091 Add option to trigger logout logic, post-request handling (Magnolia 6.3)
- Closed