[rt-users] RT_SID cookie not invalidated at logout

Jenny Martin jenny at ebi.ac.uk
Wed Feb 20 21:07:24 EST 2013

All our users authenticate using their LDAP credentials via
RT-Authen-ExternalAuth plugin.  I just tried creating a local user, and
RT does the right thing when the local user logs in - it sends back a
new cookie and removes the old session data.  So the problem seems to be
with the RT-Authen-ExternalAuth plugin.

We recently upgraded from RT 4.0.4/ExternalAuth 0.9 to
RT4.0.10/ExternalAuth0.13.  I can't be sure the problem didn't exist
before, but I didn't notice it.

More information about the rt-users mailing list