Applications will still retain their cookies if impersonation is triggered in OIDC gateway. This has some potential of leaking cookies/secrets across users and I guess also there is risk for real damage or data mangling.
Cleanest probably is to force the administrator to start the impersonation session in an incognito window.
Sounds like the only way would be to create a link, which the admin needs to visit to set the impersonation cookie.
When visiting the link, check if any cookies exist (on Passmower's host or whole domain). If any exist, then deny setting the impersonation cookie with an informative message.
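The check proposed in the comment above, sketched as an added example that is not part of the thread or of Passmower's code. The cookie name, function names and in-memory stores are hypothetical, and the sample Cookie headers used with it are constructed.

```javascript
const { randomBytes } = require('node:crypto');

// Hypothetical names throughout; not Passmower's actual routes or cookie names.
const IMPERSONATION_COOKIE = 'impersonation'; // assumed cookie name
const pendingLinks = new Map(); // link token -> { target, expires }
const sessions = new Map();     // session id -> impersonated user

// Mint the single-use, short-lived link the admin has to visit.
function createImpersonationLink(targetUser, ttlMs = 60000, now = Date.now()) {
  const token = randomBytes(32).toString('base64url');
  pendingLinks.set(token, { target: targetUser, expires: now + ttlMs });
  return token;
}

// Names of the cookies the browser sent with this request. A browser only
// sends cookies scoped to this host or to a parent domain, so host-only
// cookies held for applications on other hosts never show up here.
function cookieNames(cookieHeader) {
  if (!cookieHeader) return [];
  return cookieHeader.split(';')
    .map((pair) => pair.split('=')[0].trim())
    .filter((name) => name.length > 0);
}

// Decide the response when the link is visited.
function handleImpersonationVisit(token, cookieHeader, now = Date.now()) {
  const link = pendingLinks.get(token);
  if (!link || link.expires < now) {
    pendingLinks.delete(token);
    return { status: 404, body: 'Unknown or expired impersonation link.' };
  }
  const blocking = cookieNames(cookieHeader);
  if (blocking.length > 0) {
    // Deny, but keep the link so the admin can retry from a clean window.
    return {
      status: 409,
      blocking, // kept for server-side logging, not echoed to the page
      body: 'This browser already holds cookies for this domain. ' +
            'Open the link in a private window to start impersonation.',
    };
  }
  pendingLinks.delete(token); // single use
  const sessionId = randomBytes(32).toString('base64url');
  sessions.set(sessionId, link.target);
  return {
    status: 200,
    setCookie: `${IMPERSONATION_COOKIE}=${sessionId}; Path=/; HttpOnly; Secure; SameSite=Lax`,
    body: `Impersonating ${link.target}.`,
  };
}
```
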