Bug #45611
Destruction of session after logout should be configurable
Status: | New | Start date: | 2013-02-19 | |
---|---|---|---|---|
Priority: | Could have | Due date: | ||
Assigned To: | - | % Done: | 0% |
|
Category: | Security | |||
Target version: | - | |||
PHP Version: | Complexity: | |||
Has patch: | No | Affected Flow version: | Git master |
Description
After logout the session is destroyed.
In the AuthenticationProviderManager:
if ($this->session->isStarted()) { $this->session->destroy('Logout through AuthenticationProviderManager'); }
There should be a way to deactivate this by configuration because in some cases one want to keep information in the session regardles of the login-state.