Details
-
Bug
-
Resolution: Fixed
-
Medium
-
2.6.2, 2.7.3
-
None
Description
When the user logs out the HttpSession isn't invalidated.
The important details of the logged in user and other information is correctly cleared but other properties such as user preferences are not.
The impact is things like the label's section and location section's openness state isn't correctly loaded from the database (its read from the session which contains the value of the previously logged in user).
Attachments
Issue Links
- causes
-
CONFSERVER-13702 Session must not be invalidated on logout
- Closed
- is caused by
-
SER-121 Add Interceptor to Invalidate HttpSession
- Closed