Bug #45611
Destruction of session after logout should be configurable
| Status: | New | Start date: | 2013-02-19 | |
|---|---|---|---|---|
| Priority: | Could have | Due date: | ||
| Assigned To: | - | % Done: | 0% |
|
| Category: | Security | |||
| Target version: | - | |||
| PHP Version: | Complexity: | |||
| Has patch: | No | Affected Flow version: | Git master |
Description
After logout the session is destroyed.
In the AuthenticationProviderManager:
if ($this->session->isStarted()) {
$this->session->destroy('Logout through AuthenticationProviderManager');
}
There should be a way to deactivate this by configuration because in some cases one want to keep information in the session regardles of the login-state.