Details
- Suggestion
- Resolution: Tracked Elsewhere
Description
The Crowd session for Apache pages is kept alive indefinitely until the browser is closed. Removing the authentication cookie seems to have no effect: subsequent visits to the same page, even with all cookies removed from the browser, still allow the user to view the page without requiring authentication.
Steps to Reproduce
- Authenticate (via Basic Auth) to an Apache site that requires Crowd authentication. Make sure that the authentication is successful and that you are able to view the site.
- Remove all cookies and caches from the browser (Clear browsing data), and try to navigate to the same page
Notice that you do not get the same Basic Auth prompt again. In fact, you are able to view the page immediately, without having to re-authenticate.
Issue Links
- cloned by CWDAPACHE-42