Details

      Description

      In SingleSignOnAuthenticationMechanism.java we have this method:

      private void clearSsoCookie(HttpServerExchange exchange) {
          exchange.getResponseCookies().put(cookieName, new CookieImpl(cookieName).setMaxAge(0).setHttpOnly(httpOnly).setSecure(secure).setDomain(domain));
      }

      As you can see the path is not set on the Cookie.

      As a result, the cookie will still be present and sent again on subsequent requests.
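      Why the missing path keeps the cookie alive, shown as an added example (not Undertow code and not part of the original report): a minimal model of the RFC 6265 client-side cookie store, where a cookie is identified by name, domain and path, so an expiring Set-Cookie without the original Path targets a different key. The cookie name, host, request paths and the original Path=/ are constructed assumptions, and the model keeps the domain fixed to the host.

```python
# Minimal model of an RFC 6265 user-agent cookie store (illustrative only).

def default_path(request_path):
    """RFC 6265 section 5.1.4: default cookie path derived from the request path."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path[: request_path.rfind("/")]

def parse_set_cookie(header, request_path):
    """Parse one Set-Cookie value into (name, value, path, expired)."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    path, expired = None, False
    for attr in attrs:
        key, _, val = attr.partition("=")
        if key.lower() == "path" and val.startswith("/"):
            path = val
        elif key.lower() == "max-age" and int(val) <= 0:
            expired = True
    return name, value, path or default_path(request_path), expired

def path_matches(request_path, cookie_path):
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or request_path[len(cookie_path)] == "/")

class CookieStore:
    def __init__(self, host):
        self.host = host
        self.cookies = {}  # (name, domain, path) -> value

    def receive(self, header, request_path):
        name, value, path, expired = parse_set_cookie(header, request_path)
        key = (name, self.host, path)
        if expired:
            self.cookies.pop(key, None)  # only the exact key is evicted
        else:
            self.cookies[key] = value

    def names_sent(self, request_path):
        return sorted(n for (n, _, p) in self.cookies if path_matches(request_path, p))

def logout_demo(clear_header):
    """Constructed scenario: SSO cookie set with Path=/, cleared from a deeper URL."""
    store = CookieStore("sso.example.test")
    store.receive("JSESSIONIDSSO=abc123; Path=/; HttpOnly; Secure", "/app/login")
    store.receive(clear_header, "/app/secure/logout")
    return store.names_sent("/app/secure/page")
```

      Calling logout_demo with a clearing header that omits Path leaves the cookie in the store, while repeating Path=/ removes it.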


              People

              • Assignee:
                swd847 Stuart Douglas
                Reporter:
                jamat Juan AMAT
