[rt-users] RT_SID cookie not invalidated at logout
Jenny Martin
jenny at ebi.ac.uk
Wed Feb 20 21:07:24 EST 2013
All our users authenticate using their LDAP credentials via
RT-Authen-ExternalAuth plugin. I just tried creating a local user, and
RT does the right thing when the local user logs in - it sends back a
new cookie and removes the old session data. So the problem seems to be
with the RT-Authen-ExternalAuth plugin.
We recently upgraded from RT 4.0.4/ExternalAuth 0.9 to
RT4.0.10/ExternalAuth0.13. I can't be sure the problem didn't exist
before, but I didn't notice it.
More information about the rt-users
mailing list