kamalcodez opened a new issue, #24713: URL: https://github.com/apache/superset/issues/24713
After logout from superset, session cookies continues to be valid. User can still login using those cookies if he has session cookie saved. They should be invalidated after logout. #### How to reproduce the bug 1. Login into superset. 2. Copy the session cookies (with the help of browser extension). 3. Logout from superset. 4. Import session cookies into second browser. 5. Hit superset login url in second browser. 6. You will be logged in automatically. Same can be done in single browser. ### Expected results User should not be able to login, cookies should be invalidated after logout. ### Actual results User is able to login, cookies continues to be valid even after logout. ### Environment (please complete the following information): - browser type and version : chrome `114.0.5735.199` , Firefox : `115.0.2` - superset version: `2.0.1` - python version: `3.9.16` - browser extension : `Cookie-Editor` **How do I invalidate cookies after logout ??** -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
