|
||||||||
|
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira |
||||||||
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
We have discovered the logout image is actually a implementation detail of the OP (OpenID Provider) we use. Logout doesn't appeared to be covered at all in the OpenID 2.0 Spec (http://openid.net/specs/openid-authentication-2_0.html) so we may be the only use-case for this.
However, we noticed that "ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY" cookie is used in the other jenkins plugins (such as https://svn.jenkins-ci.org/tags/hudson-/core/src/main/java/hudson/security/SecurityRealm.java). I wonder if in the OpenID Connect spec (http://openid.net/specs/openid-connect-session-1_0.html#RPLogout), if it would be appropriate to reset this cookie.
Feel free to close this issue, if you think this feature is unnecessary.