Allow for a logout feature when logged using a KCA cert.
Currently the only way to clear a session when logged in using a KCA certificate is to close the brower. That makes testing harder.
#1 Updated by Lauri Carpenter over 9 years ago
- Status changed from New to Rejected
The SSL handshake happens at the apache layer, not the django layer. Even if we figured out how to timeout the django session, the browser would just present the same certificate again to apache and we'd get re-logged in as the same actor. Not easy to change this behavior, especially with the complication of trying to have SSL and service account login. So we are rejecting this request. It only affected developers anyway.