Do not instruct browsers to clear cookies with Clear-Site-Data header on logout

When using the type "cookies" in the Clear-Site-Data header, all the cookies of the origin's eTLD and its subdomains will be affected [0]. For example, if you log out from your Tuleap instance at tuleap.example.com, the cookies of an application located at qa.app.example.com will also be deleted. This behavior is too aggressive to be used by default.

This is part of request #12875: Clear all site data on users logout

[0] https://w3c.github.io/webappsec-clear-site-data/#clear-cookies

Change-Id: I5572bd9f1495ca4e82adca85097fccf7f23c7db9

Modified Files

Name
M src/common/User/Account/LogoutController.php +1 −1
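A logout response built along the lines of the commit message, as an added example that is not Tuleap's code and not the content of this change: it refuses the "cookies" directive unless the caller opts in, and expires only the application's own host-only cookies instead. The function names and the cookie name `app_session` are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not Tuleap's code. Directive names are those defined by the
// Clear-Site-Data specification; function and cookie names are hypothetical.
const SAFE_DIRECTIVES = ['cache', 'storage', 'executionContexts'];

/**
 * Build a Clear-Site-Data header line. "cookies" is rejected unless the
 * caller opts in, because it also removes cookies of sibling hosts.
 */
function clearSiteDataHeader(array $types, bool $allowCookies = false): string
{
    $allowed = $allowCookies ? array_merge(SAFE_DIRECTIVES, ['cookies']) : SAFE_DIRECTIVES;
    $rejected = array_diff($types, $allowed);
    if ($types === [] || $rejected !== []) {
        throw new InvalidArgumentException('Directive list empty or not allowed: ' . implode(', ', $rejected));
    }
    // Each directive is sent as a quoted string in a comma-separated list.
    $quoted = array_map(static fn (string $t): string => '"' . $t . '"', array_unique($types));
    return 'Clear-Site-Data: ' . implode(', ', $quoted);
}

/**
 * Build Set-Cookie lines that expire the named cookies on this host only.
 * No Domain attribute is sent, so cookies of other hosts are untouched.
 * Path must match the path the cookie was originally set with.
 */
function expireOwnCookies(array $names, string $path = '/'): array
{
    $lines = [];
    foreach ($names as $name) {
        $lines[] = sprintf(
            'Set-Cookie: %s=deleted; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=%s; Secure; HttpOnly',
            rawurlencode($name),
            $path
        );
    }
    return $lines;
}

// Constructed sample: the header lines of a logout response.
$headers = array_merge(
    [clearSiteDataHeader(['cache', 'storage'])],
    expireOwnCookies(['app_session'])
);
echo implode(PHP_EOL, $headers), PHP_EOL;
```

In a real controller each line would be sent with `header($line, false)` so that several `Set-Cookie` lines are not overwritten.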