Uploaded image for project: 'Webservices REST Module'
  1. Webservices REST Module
  2. RESTWS-887

Session endpoint should expire the session cookie

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Must
    • Resolution: Fixed
    • Affects Version/s: 2.35.0
    • Fix Version/s: 2.36.0
    • Component/s: None

      Description

      The session end-point logs the user out in response to a DELETE request. However, this is done by simply calling Context.logout(). While Context.logout() kills the user session as tracked internally by the application, it does not actually end the web session by calling httpSession.invalidate(). This means that the user's browser can still think it has a valid session, even though on the OpenMRS side the user does not.

        Gliffy Diagrams

          Attachments

            Activity

              People

              Assignee:
              ibacher Ian Bacher
              Reporter:
              ibacher Ian Bacher
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: