Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-636

Path is not provided when clearing the SSO cookie

    XMLWordPrintable

Details

    Description

      In SingleSignOnAuthenticationMechanism.java we have this method:

      private void clearSsoCookie(HttpServerExchange exchange)

      { exchange.getResponseCookies().put(cookieName, new CookieImpl(cookieName).setMaxAge(0).setHttpOnly(httpOnly).setSecure(secure).setDomain(domain)); }

      As you can see the path is not set on the Cookie.

      As a result the cookie will still be present and send again on subsequent requests.

      Attachments

        Activity

          People

            sdouglas1@redhat.com Stuart Douglas
            jamat Juan AMAT (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: