Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-2969

Expire Crowd-Apache Sessions after a timeout, or when the cookie is removed

    XMLWordPrintable

Details

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      The Crowd session for Apache pages is kept alive indefinitely until the browser is closed (removing the authentication cookie seems to have no effect, subsequent visits to the same page despite having all cookies removed from the browser will still allow the user to view the page without requiring authentication).

      Steps to Reproduce

      1. Authenticate (via Basic Auth) to a Apache site (which requires Crowd Authentication), make sure that the authentication is successful, and you are able to view the site
      2. Remove all cookies and caches from the browser (Clear browsing data), and try to navigate to the same page
        Notice that you do not get the same Basic Auth prompt again, in fact, you are able to view the page immediately, without having to re-authenticate.

      Attachments

        Issue Links

          cloned by

          CWDAPACHE-42 Loading...

          mentioned in

          Wiki Page Loading...

          Activity

            People

              Unassigned Unassigned
              fsim Foo Sim (Inactive)
              Votes:
              4 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: