#2365: Logout does not destroy session cookie

Type: BugItem Feature: Infrastructure Tags:  
ScheduledFor: N/A Assigned to: AntonioTerceiro Sites:  
Priority: 0 Status: Pending  

Description of the bug

whenever a user logs out of Noosfero, the session cookie should be destroyed. Currently after I log out, Noosfero just does not sends the Set-Cookie header back, what makes the browser keep the last cookie it had. This means that the browser will keep sending the the same cookie over and over again, and the user will get the "You have been logged out" message over and over again. Instead, Noosfero should explicitly set the _noosfero_session cookie to an empty string!

Steps to reproduce

Just log out from any site and keep browsing.

-- AntonioTerceiro -- 23 May 2012

Add comment
You need to login to be able to comment.

ActionItemForm edit

Title Logout does not destroy session cookie
ActionItemType? BugItem
Priority 0
Feature Infrastructure
ResponsibleDevelopers AntonioTerceiro
ScheduledFor? N/A
Status Pending
Ticket SAC:
Topic revision: r4 - 20 Jul 2012 - 14:28:43 - LarissaReis

irc Talk with Devs Now!

Translations: English
Search on Docs:
ActionItem Search:

Copyright © 2007-2015 by the Noosfero contributors
Colivre - Cooperativa de Tecnologias Livres