Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1619: GAE Sample should check whether GAE user is the same as the logged in user #1860

Closed
spring-issuemaster opened this Issue Nov 9, 2010 · 1 comment

Comments

Projects
None yet
1 participant

Luke Taylor (Migrated from SEC-1619) said:

It's possible that a user may log out of Google Apps without logging out of the sample app. The app should detect a change of user, invalidate the existing session and authenticate the current user if this situation is detected.

Luke Taylor said:

The GaeAuthenticationFilter now checks to see if the currently authenticated user matches the Google Apps user. If not, then it logs out the current user and destroys the session before continuing.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M2 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment