nette / security

🔑 Provides authentication, authorization and role-based access control management via ACL (Access Control List)
https://doc.nette.org/access-control

SessionStorage: Fix clearing identity in case of clearAuthentication(true). #55

Closed janbarasek closed 3 years ago

janbarasek commented 3 years ago

User-defined code (for the logout function):

$this->userStorage->clearAuthentication(true);
$this->userStorage->setExpiration(null, true);

It marks the user as unauthenticated, but the original identity is kept stored in the Session. I think that when clearAuthentication(true) is called, the identity must be removed.

dg commented 3 years ago

Thanks