Why do we need sid security? #1953

Closed
littlefisher666 opened this issue Mar 28, 2025 · 0 comments
Labels
status: invalid An issue that we don't feel is valid

Comments

@littlefisher666

#1185

I read the code about 'sid security', but when I use 'spring-boot-starter-oauth2-client' to log out, the sessionId cannot be found anymore.

OidcBackChannelLogoutFilter in spring-boot-starter-oauth2-client gets the sid from the id_token, which is encoded.
OidcBackChannelLogoutHandler in spring-boot-starter-oauth2-client sends an HTTP request to the authorization-server to log out with the encoded sid in a cookie.

But it cannot be found in the authorization-server with the encoded sessionId in HttpServletRequest.

@littlefisher666 littlefisher666 added the type: bug A general bug label Mar 28, 2025
@jgrandja jgrandja self-assigned this Mar 28, 2025
@jgrandja jgrandja added status: invalid An issue that we don't feel is valid and removed type: bug A general bug labels Mar 28, 2025