[jboss-jira] [JBoss JIRA] (WFLY-8252) HttpServletRequest.logout() doesn't work with Elytron
Stuart Douglas (JIRA)
issues at jboss.org
Mon Feb 27 19:16:00 EST 2017
[ https://issues.jboss.org/browse/WFLY-8252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13369982#comment-13369982 ]
Stuart Douglas commented on WFLY-8252:
--------------------------------------
https://github.com/wildfly-security/elytron-web/pull/78 https://github.com/wildfly-security/wildfly-elytron/pull/696
> HttpServletRequest.logout() doesn't work with Elytron
> -----------------------------------------------------
>
> Key: WFLY-8252
> URL: https://issues.jboss.org/browse/WFLY-8252
> Project: WildFly
> Issue Type: Bug
> Components: Security, Web (Undertow)
> Reporter: Josef Cacek
> Assignee: Stuart Douglas
> Priority: Blocker
>
> Calling {{HttpServletRequest.logout()}} leaves user logged in if Elytron security is used.
> This means security flaw, therefor setting priority to blocker.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list