Details
Bug
Resolution: Done
Major
1.3.16.Final
None
Description
In SingleSignOnAuthenticationMechanism.java we have this method:

    private void clearSsoCookie(HttpServerExchange exchange) {
        // Expires the SSO cookie (Max-Age=0) but never calls setPath(...)
        exchange.getResponseCookies().put(cookieName,
                new CookieImpl(cookieName).setMaxAge(0).setHttpOnly(httpOnly).setSecure(secure).setDomain(domain));
    }

As you can see, the path is not set on the Cookie.
As a result the cookie will still be present and sent again on subsequent requests.
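
Why the missing path matters, as an added example that is not part of the original report or of Undertow's code: a small model of a browser cookie store following RFC 6265, where a cookie is identified by name, domain and path, and a Set-Cookie without a Path attribute falls back to the default-path of the request URI. The cookie name `SSOID`, the domain `example.test`, the request paths, and the assumption that the SSO cookie was originally issued with Path=/ are all constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration: simplified RFC 6265 cookie store, not Undertow code.
public class CookiePathDemo {
    // A stored cookie is identified by name + domain + path (RFC 6265, section 5.3).
    static final Map<String, String> jar = new LinkedHashMap<>();

    // RFC 6265, section 5.1.4: the path used when Set-Cookie carries no Path attribute.
    static String defaultPath(String requestPath) {
        int lastSlash = requestPath.lastIndexOf('/');
        if (!requestPath.startsWith("/") || lastSlash == 0) {
            return "/";
        }
        return requestPath.substring(0, lastSlash);
    }

    // Applies one Set-Cookie header received in the response to requestPath.
    // path == null models a header without a Path attribute.
    static void setCookie(String requestPath, String name, String value,
                          String domain, String path, int maxAge) {
        String effectivePath = (path != null) ? path : defaultPath(requestPath);
        String key = name + "; Domain=" + domain + "; Path=" + effectivePath;
        if (maxAge <= 0) {
            jar.remove(key);   // only the cookie with the identical key is evicted
        } else {
            jar.put(key, value);
        }
    }

    public static void main(String[] args) {
        // Assumption: the SSO cookie was issued at login with Path=/ (constructed values).
        setCookie("/app/login", "SSOID", "abc123", "example.test", "/", 3600);

        // Logout handled on a nested URL, cookie cleared as in clearSsoCookie():
        // Max-Age=0 and no Path, so the browser targets Path=/app/secure instead of Path=/.
        String logoutRequest = "/app/secure/logout";
        setCookie(logoutRequest, "SSOID", "", "example.test", null, 0);
        System.out.println("after clear without Path: " + jar);

        // Same clear with the path the cookie was issued under: the keys match.
        setCookie(logoutRequest, "SSOID", "", "example.test", "/", 0);
        System.out.println("after clear with Path=/:  " + jar);
    }
}
```

In this model the clear without a path only succeeds when the request's default-path happens to equal the path the cookie was issued with, so a check of the logout response should confirm that the expiring Set-Cookie carries the same Domain and Path as the original one.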