VenuP634 Member since 2016 3 posts
CBA
Posted: August 28, 2016
Last activity: September 6, 2016
Closed

Ineffective Logout Function

Hi,

The Case Manager logout function does not clear cookies on the client side, nor does it invalidate them on the server side. So, this could allow an attacker to continue accessing the web application if cookie values are intercepted, even if the user has logged out.

Please share your thoughts.

Thanks,

***Updated by Moderator: Vidyaranjan. Removed user added #helpme and Ask the Expert tags. Apologies for confusion, shouldn't have been an end-user option***

Case Management
Moderation Team has archived post
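
The logout behaviour reported in the post, next to a logout that invalidates the session on the server and expires the cookie in the browser, with a regression check that replays a cookie captured before logout. This is an added example, not code from the post or from the product; the `SessionStore` class, the `SESSIONID` cookie name and the in-memory session table are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE = "SESSIONID"  # hypothetical cookie name, not taken from the product


class SessionStore:
    """In-memory stand-in for the server-side session table (assumption)."""

    def __init__(self):
        self._sessions = {}

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = user
        return sid

    def authenticate(self, cookie_header):
        """Return the user for a Cookie header, or None if the session is unknown."""
        morsel = SimpleCookie(cookie_header).get(COOKIE)
        return self._sessions.get(morsel.value) if morsel else None

    def logout_ineffective(self, cookie_header):
        """Behaviour described in the post: nothing cleared, nothing invalidated."""
        return []

    def logout_effective(self, cookie_header):
        """Invalidate on the server first, then tell the browser to drop the cookie."""
        jar = SimpleCookie(cookie_header)
        if COOKIE in jar:
            self._sessions.pop(jar[COOKIE].value, None)
        expired = SimpleCookie()
        expired[COOKIE] = ""
        expired[COOKIE]["max-age"] = 0
        expired[COOKIE]["path"] = "/"
        expired[COOKIE]["httponly"] = True
        expired[COOKIE]["secure"] = True
        return [expired[COOKIE].OutputString()]  # value for a Set-Cookie header


def replay_after_logout(logout_name):
    """Regression check: does a cookie captured before logout still authenticate?"""
    store = SessionStore()
    captured = f"{COOKIE}={store.login('alice')}"  # constructed sample value
    set_cookie = getattr(store, logout_name)(captured)
    return store.authenticate(captured), set_cookie
```

The server-side removal is what closes the issue: expiring the cookie only affects the user's own browser, while a copy captured elsewhere stays valid until the session record is gone.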