Details
-
Bug
-
Resolution: Obsolete
-
Medium
-
2.5.8
-
None
Description
The customer observed that the X-User-Context hash isn't properly invalidated after logout. It only works correctly with FOSHttpCacheBundle 2.2 and later. It was broken in older versions of the bundle.
This feature should be backported:
https://github.com/FriendsOfSymfony/FOSHttpCacheBundle/blob/master/src/Security/Http/Logout/ContextInvalidationSessionLogoutHandler.php
ref: https://github.com/FriendsOfSymfony/FOSHttpCacheBundle/pull/394 & https://github.com/FriendsOfSymfony/FOSHttpCacheBundle/issues/392
Attachments
Issue Links
- relates to
-
EZP-30468 If user is logged in into two different SiteAccesses, an incorrect X-User-Hash gets cached and is used after logout.
- InputQ