authentication - WSO2: How to logout a user that has obtained a 'rememberMeCookie'
I am using WSO2 Identity Server 4.1.0 to perform basic authentication. It is possible to call the AuthenticationAdmin web service, which contains 'loginWithRememberMeOption'. The user obtains a 'rememberMeCookie' and can log in with it, even if the session (JSESSION) has expired.
I have learned that loginWithRememberMeOption has a timeout of 7 days, and that this time cannot be modified: WSO2 authentication, adding/modifying timeout rememberMe cookie
The AuthenticationAdmin service provides a 'logout' operation. Unfortunately, this operation invalidates the session; if the user has a rememberMeCookie, they are still able to log in: WSO2 AuthenticationAdmin logout
The question is, how do I log out a user that has obtained a rememberMeCookie? Preferably using AuthenticationAdmin?
As I understand, there is no direct way to log out a user with a remember-me cookie.
I went through the code. Once you log in with the remember-me option, a UUID is generated. Refer to the org.wso2.carbon.core.services.authentication.AuthenticationAdmin.loginWithRememberMeOption(String, String, String) method in AuthenticationAdmin.
The cookie is saved in the database. When you log in with the remember-me cookie, the cookie is checked against the user store. Refer to org.wso2.carbon.user.api.UserStoreManager.isValidRememberMeToken(String, String). You can check the JDBC implementation.
So, in order to log out, you might have to clear the cookie from the user store.
Please report a JIRA issue if you think it might be useful to add a method to clear the cookie.
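The mechanism described in the answer, modelled as an added example (not part of the original post and not WSO2's code): a token generated at login, stored in a database, checked on cookie login, and surviving a session-only logout until it is deleted from the store. The table layout, class and method names are hypothetical, and storing a hash of the token rather than the token itself is a hardening choice made for this sketch.

```python
import hashlib
import hmac
import sqlite3
import time
import uuid

TOKEN_LIFETIME = 7 * 24 * 3600  # the 7-day timeout mentioned in the question


class RememberMeStore:
    """Toy user store (hypothetical schema): one remember-me token per user."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE remember_me ("
                        "user_name TEXT PRIMARY KEY, token_hash TEXT, created REAL)")
        self.sessions = set()  # stands in for the server-side session table

    @staticmethod
    def _digest(token):
        # Keep only a hash so a database leak does not expose usable cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def login_with_remember_me(self, user, now=None):
        now = time.time() if now is None else now
        token = str(uuid.uuid4())  # random UUID, as described in the answer
        self.db.execute("REPLACE INTO remember_me VALUES (?, ?, ?)",
                        (user, self._digest(token), now))
        self.sessions.add(user)
        return token  # value that would be sent to the client as the cookie

    def is_valid_token(self, user, token, now=None):
        now = time.time() if now is None else now
        row = self.db.execute("SELECT token_hash, created FROM remember_me "
                              "WHERE user_name = ?", (user,)).fetchone()
        if row is None or now - row[1] > TOKEN_LIFETIME:
            return False
        return hmac.compare_digest(row[0], self._digest(token))

    def logout_session_only(self, user):
        # Behaviour described in the question: the token row survives logout.
        self.sessions.discard(user)

    def logout_and_revoke(self, user):
        # Fix suggested in the answer: also clear the token from the user store.
        self.sessions.discard(user)
        self.db.execute("DELETE FROM remember_me WHERE user_name = ?", (user,))
```
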