[CONFSERVER-11324] Session isn't invalidated on logout

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 2.9.2, 2.10
Affects Version/s: 2.6.2, 2.7.3
Component/s: None
Labels:
- affects-server
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

When the user logs out the HttpSession isn't invalidated.

The important details of the logged in user and other information is correctly cleared but other properties such as user preferences are not.

The impact is things like the label's section and location section's openness state isn't correctly loaded from the database (its read from the session which contains the value of the previously logged in user).

causes

CONFSERVER-13702 Session must not be invalidated on logout

Closed

is caused by

SER-121 Add Interceptor to Invalidate HttpSession

Closed

Form Name

Assignee:: Chris Kiehl

Reporter:: m@ (Inactive)

Affected customers:: 1 This affects my team

Watchers:: 2 Start watching this issue

Created:: 03/Apr/2008 3:07 AM

Updated:: 11/Oct/2018 8:50 AM

Resolved:: 23/Sep/2008 5:40 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates