-
Type:
Improvement
-
Resolution: Unresolved
-
Priority:
Medium
-
None
-
Affects Version/s: None
-
None
Currently, when the SecurityFilter runs, it sets a User object on the application's AuthenticationContext, which is a ThreadLocal.
However, when you call DefaultAuthenticator.logout(), this object is not cleared. Is there a good reason for this? Because currently, Confluence does this manually in their logout code, and JIRA doesn't, which has caused a bug to occur in an edge case. It would probably be better design for seraph to handle the clearing of this object.
- is cloned from
-
JRASERVER-14662 After successfully importing an XML the rendering breaks showing the next page
-
- Closed
-