Re: [wildfly-dev] Broken logout / HAL-60
Hmm we need to look into a security issue then because that could mean that subsequent
requests with incorrect credentials are somehow accepted when they should be rejected.
On Aug 9, 2013, at 5:06 AM, Harald Pehl <hpehl(a)redhat.com> wrote:
I'm trying to fix the broken logout in the console
(https://issues.jboss.org/browse/HAL-60). With the switch to undertow, the redirects in
LogoutHandler do not longer work in Chrome and Safari. I came up with a solution that adds
a call to SecurityContext.logout() before doing the redirects.
My changes are in PR #4879: https://github.com/wildfly/wildfly/pull/4897. Can you take a
look at my solution. I don't know if that's an appropriate solution to get rid of
the digest authentication information. At least it does work across common browsers.
Thanks
Harald
---
Harald Pehl
JBoss by Red Hat
http://hpehl.info
_______________________________________________
wildfly-dev mailing list
wildfly-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/wildfly-dev