Akhil S Naik created AMBARI-24590:
-------------------------------------

             Summary: Ambari is keeping the Session cookie even after logout
                 Key: AMBARI-24590
                 URL: https://issues.apache.org/jira/browse/AMBARI-24590
             Project: Ambari
          Issue Type: Bug
            Reporter: Akhil S Naik
         Attachments: Screen Shot 2018-09-04 at 3.44.36 PM.png

Ambari is keeping the session cookie in the response even after logout from 
Ambari.

Ambari is vulnerable to a session replay attack due to this vulnerability.

We should remove the 'AMBARISESSIONID' once the user is logged out.

Please refer to the attached screenshot.
 !Screen Shot 2018-09-04 at 3.44.36 PM.png! 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
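
A post-logout regression check for the behaviour reported above, added here as an example; it is not part of the original report and not Ambari's code. Only the cookie name comes from the report; `SessionStore`, `logout_weak`, `logout_fixed`, `cookie_cleared` and `check_logout` are hypothetical, and the toy store assumes the old session stays usable server-side, as the replay claim implies.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE = "AMBARISESSIONID"  # cookie name taken from the report

class SessionStore:
    """Toy server-side session table (hypothetical, not Ambari's implementation)."""
    def __init__(self):
        self._sessions = {}

    def login(self, user):
        sid = secrets.token_hex(16)
        self._sessions[sid] = user
        return sid

    def is_valid(self, sid):
        return sid in self._sessions

    def logout_weak(self, sid):
        # Models the reported behaviour (assumption): the session is left in
        # place and the response carries nothing that removes the cookie.
        return []

    def logout_fixed(self, sid):
        # Invalidate server-side first, then tell the browser to drop the cookie.
        self._sessions.pop(sid, None)
        return [f"{COOKIE}=; Path=/; Max-Age=0; HttpOnly"]

def cookie_cleared(set_cookie_headers, name=COOKIE):
    """True if a Set-Cookie header expires `name` (empty value or Max-Age <= 0)."""
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        if name in jar:
            morsel = jar[name]
            max_age = morsel["max-age"]
            if morsel.value == "" or (max_age and int(max_age) <= 0):
                return True
    return False

def check_logout(store, logout):
    """Log in, log out via `logout`, and report what a post-logout test would see."""
    sid = store.login("constructed-user")  # constructed sample user
    headers = logout(sid)
    return {"cookie_cleared": cookie_cleared(headers),
            "old_session_still_valid": store.is_valid(sid)}
```

Both results matter: clearing the cookie in the browser without invalidating the session on the server still leaves a previously captured session ID usable.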