wsfedsignout error in cookie path and permanent? #19
Comments
Thx for the report. Will look into it.
Good point. Also - Paul - for signout via HRD - I should rather do a redirect e.g. to the ADFS signin endpoint, right?
I am not done yet with HRD testing. I will report on that one later.
thanks!
The short answer is: YES. The long answer is that an intermediate issuer (federation sts) should remember the upstream IP that has authenticated the user. When wsignout1.0 arrives, a redirect (with wsignout1.0) to the upstream RP is required. Typically a memory cookie (path is application path) is used to remember this. But now trouble ....
ClearEndpoint now sets the path.
(partially) closed. HRD signout problem will be addressed separately.
SignInSessionManager.ClearEndPoints() forgets to set the path to the same value as WriteCookie(…) does. As a consequence it is never cleared. Why does WriteCookie set Expires? Now it is a disk cookie. It should really be a memory/session cookie, shouldn’t it? Because authn cookies and this one should disappear at the same time. And for disk there is only one, but for memory they are per DOM session, which normally enables two separate logons!
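The two cookie behaviours raised in this report, modelled as an added example (not IdentityServer code): a browser store keyed by name and path, following RFC 6265, showing why a clearing `Set-Cookie` without the original `Path` leaves the cookie in place and why `Expires` makes it outlive the browser session. The cookie name `endpoints`, the paths and the dates are constructed assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed clock
PAST = "Thu, 01 Jan 1970 00:00:00 GMT"
FUTURE = "Wed, 01 Jan 2025 00:00:00 GMT"
APP_PATH = "/idsrv"                      # assumed application path
SIGNOUT_URL = "/idsrv/issue/wsfed"       # assumed URL that handles wsignout1.0

def default_path(request_path):
    """RFC 6265 5.1.4: path applied when Set-Cookie has no Path attribute."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path.rsplit("/", 1)[0]

class Jar:
    """Minimal browser cookie store; entries are keyed by (name, path)."""
    def __init__(self):
        self.cookies = {}   # (name, path) -> {"value": str, "persistent": bool}

    def receive(self, header, request_path, now=NOW):
        pair, *attrs = [part.strip() for part in header.split(";")]
        name, _, value = pair.partition("=")
        av = {k.strip().lower(): v.strip()
              for k, _, v in (a.partition("=") for a in attrs)}
        key = (name, av.get("path") or default_path(request_path))
        expires = av.get("expires")
        if expires and parsedate_to_datetime(expires) <= now:
            self.cookies.pop(key, None)   # deletes only the exact (name, path)
        else:
            self.cookies[key] = {"value": value, "persistent": bool(expires)}

    def close_browser(self):
        """Session cookies vanish with the browser; Expires cookies stay on disk."""
        self.cookies = {k: c for k, c in self.cookies.items() if c["persistent"]}

def after_signout(write_header, clear_header):
    """Return the cookie keys left after the write and the clearing response."""
    jar = Jar()
    jar.receive(write_header, SIGNOUT_URL)
    jar.receive(clear_header, SIGNOUT_URL)
    return sorted(jar.cookies)

if __name__ == "__main__":
    write = f"endpoints=rp1; Path={APP_PATH}; Expires={FUTURE}"
    print(after_signout(write, f"endpoints=; Expires={PAST}"))                    # cookie survives
    print(after_signout(write, f"endpoints=; Path={APP_PATH}; Expires={PAST}"))  # cleared
```
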