Project

General

Profile

Feature #1903

Allow for a logout feature when logged using a KCA cert.

Added by Michael Zalokar almost 8 years ago. Updated almost 8 years ago.

Status:
Rejected
Priority:
Low
Assignee:
-
Start date:
09/22/2011
Due date:
% Done:

0%

Estimated time:
Duration:

Description

Currently the only way to clear a session when logged in using a KCA certificate is to close the brower. That makes testing harder.

History

#1 Updated by Lauri Carpenter almost 8 years ago

  • Status changed from New to Rejected

The SSL handshake happens at the apache layer, not the django layer. Even if we figured out how to timeout the django session, the browser would just present the same certificate again to apache and we'd get re-logged in as the same actor. Not easy to change this behavior, especially with the complication of trying to have SSL and service account login. So we are rejecting this request. It only affected developers anyway.



Also available in: Atom PDF