Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

consent: Authentication session cookie invalidation scenarios #855

Closed
aeneasr opened this issue May 19, 2018 · 0 comments
Closed

consent: Authentication session cookie invalidation scenarios #855

aeneasr opened this issue May 19, 2018 · 0 comments
Assignees
@aeneasr
Milestone
1.0.0-alpha.1

Comments

@aeneasr
Copy link
Member

aeneasr commented May 19, 2018

Let's look at the remember flag. If remember is set to false, then this has currently no effect to an existing AuthN cookie. So let's assume:

  1. AuthN cookie has user sess-user authenticated
  2. Request is forwarded to login endpoint
  3. Login endpoint accepts login with user not-sess-user and remember: false

Then currently, this has no effect on the session. So after this flow, sess-user is still authenticated although a different user has authenticated.
@aeneasr aeneasr self-assigned this May 19, 2018
@aeneasr aeneasr added this to the 1.0.0-alpha.1 milestone May 19, 2018
aeneasr pushed a commit that referenced this issue May 19, 2018
consent: Adds authN session revokation on specific errors
b6b6629 
Closes #854
Closes #855
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aeneasr aeneasr

Labels
None yet
Projects
None yet
Milestone
1.0.0-alpha.1
Development

No branches or pull requests
1 participant
@aeneasr