Closed skyskitter closed 3 years ago
How did your app handle the "login information inside the cookies"? Currently, this sample aggressively wipes out the entire session; also, this sample does not directly store any info in a cookie. Did YOUR app somehow maintain some info in your cookie?
Thanks for your reply. I did not make any code changes except for updating the application-related information in app_config.py. Does msal also write something in the cookie? If so, is it the responsibility of the app to clean it up?
The following are words from Microsoft support: "While working with you on this, it was discussed that the app does not provide session clean-up in an expected manner."
Does msal also write something in the cookie? If so is it the responsibility of the app to clean it up?
MSAL itself does not write anything anywhere. It is this Flask-powered sample app that stores the current login information in a "session". However, this app already cleans it up, in the code snippet I linked to in my previous response.
words from microsoft support: "... it was discussed that the app does not provide session clean-up in an expected manner. "
I was not in that conversation, so I do not know the context.
At this point, I feel like the only way to have a productive conversation is for you to provide step-by-step detail to reproduce the issue. Based on what you mentioned so far, can you confirm or fill in the following steps?
app.py
@rayluo Thanks for your effort. Please see my answer below, based on my knowledge so far.
Thanks for following up with that info. Yes, there could be multiple separate "layers" that affect the login experience:
Based on the conversation so far, yes we agree with your conclusion that "it is not caused by this python example". Thank you.
Following the steps to hook this up with my application, after a successful login and logout, a user can log in with a fake account and without entering any password. The name logged in is the same as in the previous login. I submitted a support request to Microsoft, and it seems the login information inside the cookies is not properly cleared.
Any idea on this issue? Thanks a lot!