istio-ecosystem / authservice

Move OIDC token acquisition out of your app code and into the Istio mesh
Apache License 2.0

Logout #32

Closed tylerschultz closed 4 years ago

tylerschultz commented 5 years ago

The user should optionally be able to configure logout.path and logout.redirect_to_uri. If they choose to configure either, then they must configure both.

GIVEN the user has configured the logout.path and logout.redirect_to_uri
WHEN the user makes a GET and/or POST to the logout URI, with and/or without cookies
THEN all of the authservice cookies should be removed (if any)
AND the user's browser should be redirected to GET the configured logout.redirect_to_uri

peterhaochen47 commented 5 years ago

Submitted an issue to envoyproxy to address not being able to add multiple Set-Cookie headers.

tylerschultz commented 4 years ago

As is, this feature works despite the envoyproxy bug.

When the envoy proxy bug is present, the caveat is that only the ID token cookie is deleted upon logout, thus the other authtoken and state-nonce cookies are left behind. The presence of the authtoken cookie or state-nonce cookie is ignored when determining if the user is logged in. The authservice only relies on the presence of the ID token cookie.

When the envoyproxy bug fix finds its way into the Istio sidecar proxy, all authservice and state-nonce cookies will be deleted upon logout.
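The behaviour specified in this issue, written out as an added Go example that is not authservice's own code (the config type, handler name and cookie names are assumptions for the example): a handler that answers GET or POST on the configured logout path by expiring every authservice cookie with its own Set-Cookie header and then redirecting to logout.redirect_to_uri, plus the "configure both or neither" check.

```go
package main

import (
	"errors"
	"net/http"
)

// LogoutConfig holds the two settings the issue requires to be set together
// (a hypothetical type for this example, not authservice's own config schema).
type LogoutConfig struct {
	Path          string
	RedirectToURI string
}

// Validate enforces the rule from the issue: configure both or neither.
func (c LogoutConfig) Validate() error {
	if (c.Path == "") != (c.RedirectToURI == "") {
		return errors.New("logout.path and logout.redirect_to_uri must be set together")
	}
	return nil
}

// The three cookies the thread names (ID token, auth token, state-nonce);
// the cookie names themselves are assumptions for this example.
var authserviceCookies = []string{"id-token", "auth-token", "state-nonce"}

// NewLogoutHandler answers GET or POST on cfg.Path, with or without cookies, with one
// expiring Set-Cookie per authservice cookie (the multi-header case the envoy bug broke)
// followed by a redirect to cfg.RedirectToURI. Any other path or method gets a 404.
func NewLogoutHandler(cfg LogoutConfig) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != cfg.Path || (r.Method != http.MethodGet && r.Method != http.MethodPost) {
			http.NotFound(w, r)
			return
		}
		for _, name := range authserviceCookies {
			// MaxAge < 0 serialises as Max-Age=0, which instructs the browser to delete the cookie.
			http.SetCookie(w, &http.Cookie{Name: name, Value: "", Path: "/", MaxAge: -1, HttpOnly: true, Secure: true})
		}
		http.Redirect(w, r, cfg.RedirectToURI, http.StatusFound)
	})
}
```

A regression check for the caveat in the thread is to parse the response's Set-Cookie headers and assert that all three cookies, not just the ID token, carry an expiring Max-Age.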