[
https://issues.apache.org/jira/browse/KI-4?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alan Cabrera moved JSEC-57 to KI-4:
-----------------------------------
Fix Version/s: (was: 1.0)
Component/s: (was: Subject)
Affects Version/s: (was: 0.9)
Key: KI-4 (was: JSEC-57)
Project: Ki (was: JSecurity)
> After logout() a getSubject() call still honors remember me
> -----------------------------------------------------------
>
> Key: KI-4
> URL: https://issues.apache.org/jira/browse/KI-4
> Project: Ki
> Issue Type: Bug
> Reporter: Jeremy Haile
> Assignee: Les Hazlewood
> Attachments: WebRememberMeManager.java.forgetIdentity.JSEC-57.patch
>
>
> This cropped up for me because Spring's FrameworkServlet calls
> request.getUserName() by default, which under the hood will call JSecurity's
> getSubject(). This causes a new subject to be created that honors the
> remember me cookie. Instead - this new subject should be created without a
> remember me cookie being honored.
> One way we could work around this problem is by setting a request attribute
> when you logout that tells the RememberMeManager that it shouldn't honor the
> remember me cookie for the remainder of this request.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
