Situation
Currently there is no way to react to expired auth cookies
Wanted
SecHub Server should delete expired cookies and redirect to the login page.
Solution
Idea:
Inside AbstractSecurityConfiguration there is a custom AuthenticationEntryPoint which handles 401 Unauthorized.
Probably we should extend this handler to check if request is cookie based and then redirect to /login.
For "normal" requests (not cookie-based, Bearer Token, Basic Auth, ...) no redirect should happen. It should just respond with 401 Unauthorized like now.
Other ideas?
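
One way the idea above could look with Spring Security's AuthenticationEntryPoint interface. This is an added example, not SecHub code and not part of the original issue. The class name, the cookie name EXAMPLE_AUTH_COOKIE, the cookie path "/" and the jakarta.servlet namespace (Spring Security 6) are assumptions; only the /login target and the 401 fallback come from the issue text.

```java
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.http.HttpHeaders;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

import java.io.IOException;
import java.util.Arrays;

/** Added example, not SecHub code. Cookie name and cookie path are assumptions. */
public class CookieAwareAuthenticationEntryPoint implements AuthenticationEntryPoint {

    private static final String AUTH_COOKIE_NAME = "EXAMPLE_AUTH_COOKIE"; // placeholder name
    private static final String COOKIE_PATH = "/";                        // assumption
    private static final String LOGIN_PATH = "/login";                    // from the issue

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
                         AuthenticationException authException) throws IOException {
        if (isCookieBased(request)) {
            // Tell the browser to drop the stale cookie, then send it to the login page.
            response.addCookie(expiredCookie());
            // Fixed server-side target, never derived from request data (no open redirect).
            response.sendRedirect(request.getContextPath() + LOGIN_PATH);
            return;
        }
        // Bearer token, Basic Auth and other non-cookie clients keep getting a plain 401.
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    private boolean isCookieBased(HttpServletRequest request) {
        // An explicit Authorization header marks an API client, even if cookies are also sent.
        if (request.getHeader(HttpHeaders.AUTHORIZATION) != null) {
            return false;
        }
        Cookie[] cookies = request.getCookies(); // null when the request carries no cookies
        return cookies != null && Arrays.stream(cookies)
                .anyMatch(c -> AUTH_COOKIE_NAME.equals(c.getName()));
    }

    private Cookie expiredCookie() {
        // Name and path must match the original cookie, otherwise the browser keeps it.
        Cookie cookie = new Cookie(AUTH_COOKIE_NAME, "");
        cookie.setPath(COOKIE_PATH);
        cookie.setMaxAge(0); // Max-Age=0 deletes the cookie on the client
        cookie.setHttpOnly(true);
        cookie.setSecure(true);
        return cookie;
    }
}
```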