logout forward url pointing to a protected application causes infinite redirection (pdata)
Concerned version
Version: %2.0.7
Platform: Apache
Summary
After fixing the logout forward feature (see #2138 (closed)), I discovered a new problem caused by the pdata cookie:
logout forward url pointing to a protected application causes infinite redirection (pdata)
Scenario:
- define logout forward url to: http://test1.example.com/logout.html
- add rule for test1: ^/logout.html => logout_sso and create file logout.html on the server
[OR]
- add rule for test1: ^/logout.html => unprotect and don't create file logout.html on the server
- then log in to the SSO, and log out. Both cases result in a "test1 redirection", and the non-destruction of the pdata cookie. If you try to log in again, you are redirected immediately to the logout page.
Backends used
- Authentication: Demo
- UserDB: Demo
- Password: Demo
- Configuration : File (JSON)
Possible fixes
Needs investigation
May be linked to: #2139 or #1778 (closed)