After logout() a getSubject() call still honors remember me
-----------------------------------------------------------
Key: JSEC-57
URL: https://issues.apache.org/jira/browse/JSEC-57
Project: JSecurity
Issue Type: Bug
Components: Subject
Affects Versions: 0.9
Reporter: Jeremy Haile
Fix For: 1.0

This cropped up for me because Spring's FrameworkServlet calls
request.getUserName() by default, which under the hood will call JSecurity's
getSubject(). This causes a new subject to be created that honors the remember
me cookie. Instead, this new subject should be created without a remember me
cookie being honored.

One way we could work around this problem is by setting a request attribute
when you logout that tells the RememberMeManager that it shouldn't honor the
remember me cookie for the remainder of this request.
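
The request-attribute workaround described in the report, as an added example that is not part of the original issue and not JSecurity code. It is a self-contained model: the Request class, the SKIP_REMEMBER_ME key, the helper methods and the sample cookie value are all hypothetical stand-ins.

```java
import java.util.HashMap;
import java.util.Map;
// Model of the workaround; every name here is hypothetical, not JSecurity's API.
public class LogoutRememberMeDemo {
    static final String SKIP_REMEMBER_ME = "demo.skipRememberMe"; // hypothetical key
    // Stand-in for a servlet request: browser cookies plus per-request attributes.
    static class Request {
        final Map<String, String> cookies = new HashMap<>();
        final Map<String, Object> attributes = new HashMap<>();
        String subject; // identity cached for this request, null if none yet
    }

    // Returns the remembered identity, or null when the cookie must not be honored.
    static String rememberedIdentity(Request req, boolean checkLogoutFlag) {
        if (checkLogoutFlag && Boolean.TRUE.equals(req.attributes.get(SKIP_REMEMBER_ME))) {
            return null;
        }
        return req.cookies.get("rememberMe"); // simplified: cookie value is the identity
    }

    // Lazily builds a subject, as a getSubject() call later in the request would.
    static String getSubject(Request req, boolean checkLogoutFlag) {
        if (req.subject == null) {
            String id = rememberedIdentity(req, checkLogoutFlag);
            req.subject = (id != null) ? id : "anonymous";
        }
        return req.subject;
    }

    static void logout(Request req) {
        req.subject = null;
        // The request's cookie was already sent by the browser and stays readable
        // until the request ends, so flag the remainder of this request.
        req.attributes.put(SKIP_REMEMBER_ME, Boolean.TRUE);
    }

    static String subjectAfterLogout(boolean checkLogoutFlag) {
        Request req = new Request();
        req.cookies.put("rememberMe", "user1"); // constructed sample value
        getSubject(req, checkLogoutFlag);       // remembered subject before logout
        logout(req);
        return getSubject(req, checkLogoutFlag); // e.g. a framework asking for the user name
    }

    public static void main(String[] args) {
        System.out.println("flag ignored: " + subjectAfterLogout(false));
        System.out.println("flag checked: " + subjectAfterLogout(true));
    }
}
```

With the flag ignored, the second lookup rebuilds the remembered user after logout; with the flag checked, the same lookup yields an anonymous subject for the rest of the request.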