api-management-developer-portal icon indicating copy to clipboard operation
api-management-developer-portal copied to clipboard
verified publisher icon Azure

Failure to invalidate session on logout in same browser

Open CosminLazar opened this issue 4 years ago • 7 comments

Bug description

Signing out from one tab does not sign the user out of all the tabs in the same browser.

Reproduction steps

  1. Login to your account from browser 1 Tab1.
  2. Login to your account from browser 1 Tab2.
  3. Now logout from Tab 1.
  4. Going to Tab 2 and refreshing the page shows that the session is still active
  5. You can even go to profile, change the name and the change persists.

Expected behavior

Logging out from one tab should log you out from all tabs in that browser.

Is your portal managed or self-hosted?

Managed

API Management service name

apim-bilinfo-prod

Environment

Environment agnostic

CosminLazar avatar Apr 09 '21 07:04 CosminLazar

@mikebudzynski is this actively being planned for any future sprint? We had this shown up in a recent Information Security scan.

kasperbrandenburg avatar Jun 07 '21 07:06 kasperbrandenburg

By adding this issue to the Backlog project, we have prioritized it for development. You can monitor its status in the project's board.

msftbot[bot] avatar Jun 08 '21 17:06 msftbot[bot]

@mikebudzynski is this actively being planned for any future sprint? We had this shown up in a recent Information Security scan.

Thanks for bringing this up. We have prioritized the fix, but at this moment I am not able to share the ETA. Most likely, we won't be able to address it in the next two months.

mikebudzynski avatar Jun 08 '21 17:06 mikebudzynski

@mikebudzynski is this actively being planned for any future sprint? We had this shown up in a recent Information Security scan.

Thanks for bringing this up. We have prioritized the fix, but at this moment I am not able to share the ETA. Most likely, we won't be able to address it in the next two months.

Hi @mikebudzynski, may I know how the process is going and if there is any plan to fix the issue? It would be very appreciated if the fix could be prioritized and share us a rough date when the fix is on the process. Thanks a lot.

v-mosh21 avatar Aug 27 '21 12:08 v-mosh21

@v-mosh21, we plan to fix the issue and the issue has already been prioritized - see the comment directly above yours. At this moment, we don't have an ETA to share.

mikebudzynski avatar Aug 31 '21 20:08 mikebudzynski

Any news on this issue ?

driis avatar Dec 09 '21 12:12 driis

No news since my last comment.

mikebudzynski avatar Jan 12 '22 21:01 mikebudzynski