Closed jmfernandezg closed 7 years ago
@arjantijms Can you look at this?
Problem appears to be in Soteria and is two-fold:
1. Looks like AuthenticationParameters#rememberMe() is completely ignored. I remember having discussed this issue years ago: that the default RememberMeInterceptor should by default also check AuthenticationParameters#rememberMe(), but this is not in place. I have fixed the @RememberMe annotation on that.
2. Not clearing the cookie on logout is caused by a Weld bug. It's already fixed in 2.4.0 / 3.0.0, but WildFly 10.1 still uses 2.3.5.
There is an issue when logging out an authenticated user. I'm not quite sure what is happening there. It seems like the logout process goes just fine, the login and session are nullified, then a few milliseconds later the "authenticated" user goes back inside the session again.
This causes the user icon to still be displayed on the upper right corner even when the application confirmed that the user logged out.
If we try to log out again, a session expired page appears. This is expected but there is still the user icon active on the upper right.
If we try to log out again, a view expired exception is thrown.
We can then go back to the user list page "/admin/users" and make changes and everything even though the user is supposed to be logged out.
Thanks.