[CONFSERVER-13702] Session must not be invalidated on logout - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 2.10.1, 3.0.1
Affects Version/s: 2.9.2
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

People ran into problems because we started invalidating the session on logout in 2.9.2. They expect certain session attributes like the seraph LOGGED_OUT_KEY to be present.

This means we need to remove all session attributes except some special attributes like the seraph ones. The other option would be to only remove critical attributes like the users history from the session and leave it untouched otherwise. But I would rather go for the first approach, and remove as much data from the session as possible to avoid privacy issue created by future code.

is caused by

CONFSERVER-11324 Session isn't invalidated on logout

Closed

Assignee:: Andrew Lynch (Inactive)

Reporter:: Chris Kiehl

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 13/Nov/2008 3:49 AM

Updated:: 11/Oct/2018 9:01 AM

Resolved:: 18/Jun/2009 7:12 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates