[ 
https://issues.apache.org/jira/browse/OFBIZ-9302?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15958623#comment-15958623
 ] 

Jacques Le Roux edited comment on OFBIZ-9302 at 4/6/17 10:19 AM:
-----------------------------------------------------------------

OK, for the difference between browsers, it depends on your setting. Mine in 
Chrome included removing cookies, I guess for the domain because nothing was 
left it seems, I did not check deeper. But other browsers were only cache, not 
cookies. Anyway, we have session cookies by web application. I guess we are 
only removing the cookie of the current application when logging out. We could 
remove them for all applications. I'm not yet quite sure about that, did not 
look at the code yet...


was (Author: jacques.le.roux):
OK, for the difference between browsers, it depends on your setting. Mine in 
Chrome included removing cookies, I guess for the domain because nothing was 
let it seems, I did not check deeper. But other browsers were only cache, not 
cookies. Anyway, we have session cookies by web application. I guess we are 
only removing the cookie of the current application when logging out. We could 
remove them for all applications. I'm not yet quite sure about that, did not 
look at the code yet...

> logout security
> ---------------
>
>                 Key: OFBIZ-9302
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9302
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL APPLICATIONS
>    Affects Versions: Release Branch 16.11
>            Reporter: Moatasim Al Masri
>         Attachments: logout2.wmv, logout.wmv
>
>
> I am trying to check OFBiz security authentication, and I found that when we 
> log out, the session is still open in the browser, so that if we press back in 
> the browser we can reopen the session and continue to see our application without 
> any authentication. 
> Please see the attached video: logout.wmv 


