authentication - WSO2: How to logout a user that has obtained a 'rememberMeCookie'


I am using WSO2 Identity Server 4.1.0 to perform basic authentication. It is possible to call the AuthenticationAdmin web service, which contains 'loginWithRememberMeOption'. The user will obtain a 'rememberMeCookie', with which they can log in, even if the session (JSESSION) has expired.

I have learned that loginWithRememberMeOption has a timeout of 7 days, and that this time cannot be modified: WSO2 authentication, adding/modifying timeout for rememberMe cookie

The AuthenticationAdmin service provides a 'logout' operation. Unfortunately, this operation invalidates the session. If the user has a rememberMeCookie, they are still able to log in: WSO2 AuthenticationAdmin logout

The question is: how do I log out a user that has obtained a rememberMeCookie? Preferably using AuthenticationAdmin?

As I understand, there is no direct way to log out a user with a remember-me cookie.

I went through the code. Once you log in with the remember-me option, a UUID is generated. Refer to the org.wso2.carbon.core.services.authentication.AuthenticationAdmin.loginWithRememberMeOption(String, String, String) method in AuthenticationAdmin.

The cookie is saved in the database. When you log in with the remember-me cookie, the cookie is checked against the user store. Refer to org.wso2.carbon.user.api.UserStoreManager.isValidRememberMeToken(String, String). You can check the JDBC implementation.

So, in order to log out, you might have to clear the cookie in the user store.

Please report a JIRA issue if you think it might be useful to add a method to clear the cookie.
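The mechanism described in the answer above, modelled as an added example that is not part of the original post and is not WSO2 code: a logout that only drops the session leaves the stored remember-me token valid, while a logout that also deletes the stored token revokes it. All names here (AuthModel, the remember_me table, logout_and_revoke) are hypothetical, and an in-memory SQLite table stands in for the user store.

```python
import hmac
import sqlite3
import time
import uuid

REMEMBER_ME_TTL = 7 * 24 * 3600  # the 7-day lifetime mentioned in the question


class AuthModel:
    # Toy model of session + remember-me handling; every name is hypothetical.
    def __init__(self):
        self.sessions = set()  # stands in for the servlet session
        self.db = sqlite3.connect(":memory:")  # stands in for the user store
        self.db.execute("CREATE TABLE remember_me (username TEXT PRIMARY KEY, token TEXT, created REAL)")

    def login_with_remember_me(self, username, now=None):
        now = time.time() if now is None else now
        session_id, token = str(uuid.uuid4()), str(uuid.uuid4())
        self.sessions.add(session_id)
        self.db.execute("INSERT OR REPLACE INTO remember_me VALUES (?, ?, ?)", (username, token, now))
        return session_id, token

    def is_valid_remember_me_token(self, username, token, now=None):
        now = time.time() if now is None else now
        row = self.db.execute(
            "SELECT token, created FROM remember_me WHERE username = ?", (username,)
        ).fetchone()
        if row is None:
            return False  # no stored token: revoked or never issued
        return hmac.compare_digest(row[0], token) and now - row[1] < REMEMBER_ME_TTL

    def logout_session_only(self, session_id):
        # Behaviour described in the question: only the session is invalidated.
        self.sessions.discard(session_id)

    def logout_and_revoke(self, username, session_id):
        # Behaviour the answer suggests: also clear the token from the store.
        self.sessions.discard(session_id)
        self.db.execute("DELETE FROM remember_me WHERE username = ?", (username,))


def demo():
    m = AuthModel()
    sid, tok = m.login_with_remember_me("alice", now=0)  # constructed sample user
    m.logout_session_only(sid)
    still_valid = m.is_valid_remember_me_token("alice", tok, now=60)
    m.logout_and_revoke("alice", sid)
    return still_valid, m.is_valid_remember_me_token("alice", tok, now=60)
```
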

