[wildfly-dev] Broken logout / HAL-60
Jason Greene
jgreene at redhat.com
Fri Aug 9 07:37:11 EDT 2013
Hmm we need to look into a security issue then because that could mean that subsequent requests with incorrect credentials are somehow accepted when they should be rejected.
On Aug 9, 2013, at 5:06 AM, Harald Pehl <hpehl at redhat.com> wrote:
> I'm trying to fix the broken logout in the console (https://issues.jboss.org/browse/HAL-60). With the switch to undertow, the redirects in LogoutHandler do not longer work in Chrome and Safari. I came up with a solution that adds a call to SecurityContext.logout() before doing the redirects.
>
> My changes are in PR #4879: https://github.com/wildfly/wildfly/pull/4897. Can you take a look at my solution. I don't know if that's an appropriate solution to get rid of the digest authentication information. At least it does work across common browsers.
>
> Thanks
> Harald
>
> ---
> Harald Pehl
> JBoss by Red Hat
> http://hpehl.info
>
>
>
>
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
More information about the wildfly-dev
mailing list