Session management might be tricky when a third party is involved, such as the single sign-on provider. In this case, the Vaadin app would have three different sessions to be taken care of:
the Vaadin session, created by Flow (obtainable by VaadinSession.getCurrent());
the servlet session, created by the HTTP container (e.g. Jetty) which is wrapped by VaadinSession;
the provider session, which is not currently mapped to any object yet.
Having proper session management is crucial to avoid security issues, such as invalidating the Vaadin session but not the provider's (or the other way around). This might include:
create a new session after successful authentication (possibly transferring session data);
make sure the session expires after a certain amount of time to avoid infinite sessions;
destroy the session when logging out.
Also, being able to share the authentication state between different Vaadin applications using the same provider/client could be considered as a desirable feature.
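One way to cover the three points listed above in a Flow application, as an added example (not code from this issue or from Vaadin). It assumes the provider supports OpenID Connect RP-initiated logout; the class name, endpoint URL, redirect URI, timeout values and session attribute name are hypothetical placeholders.

```java
import com.vaadin.flow.component.UI;
import com.vaadin.flow.server.VaadinRequest;
import com.vaadin.flow.server.VaadinService;
import com.vaadin.flow.server.VaadinSession;
import com.vaadin.flow.server.WrappedSession;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

// Added illustration: all names and values below are hypothetical.
public final class SsoSessionLifecycle {
    // Assumption: placeholders for the provider's end-session endpoint and our landing page.
    static final String END_SESSION_ENDPOINT = "https://sso.example.invalid/logout";
    static final String POST_LOGOUT_URI = "https://app.example.invalid/";
    static final int IDLE_TIMEOUT_SECONDS = 15 * 60;          // idle limit (servlet session)
    static final long MAX_LIFETIME_MILLIS = 8L * 60 * 60 * 1000; // absolute limit
    static final String LOGIN_TIME_ATTR = "sso.loginTime";

    // 1. After successful authentication: new session id, existing data carried over.
    public static void onAuthenticated(VaadinRequest request) {
        // Replaces the servlet session and re-binds the VaadinSession to the new one.
        VaadinService.reinitializeSession(request);
        WrappedSession session = request.getWrappedSession();
        session.setMaxInactiveInterval(IDLE_TIMEOUT_SECONDS);
        session.setAttribute(LOGIN_TIME_ATTR, System.currentTimeMillis());
    }

    // 2. Absolute expiry: the idle timeout alone never fires while the UI keeps polling.
    //    A session with no recorded login time is treated as expired.
    public static boolean isExpired(WrappedSession session) {
        Object loginTime = session.getAttribute(LOGIN_TIME_ATTR);
        return !(loginTime instanceof Long)
                || System.currentTimeMillis() - (Long) loginTime > MAX_LIFETIME_MILLIS;
    }

    // 3. Logout: end the provider session and the local sessions together.
    public static void logout(String idToken) {
        String url = END_SESSION_ENDPOINT
                + "?id_token_hint=" + URLEncoder.encode(idToken, StandardCharsets.UTF_8)
                + "&post_logout_redirect_uri=" + URLEncoder.encode(POST_LOGOUT_URI, StandardCharsets.UTF_8);
        // Queue the redirect first so it is delivered in the current response.
        UI.getCurrent().getPage().setLocation(url);
        // Invalidating the servlet session also closes the wrapped VaadinSession.
        VaadinSession.getCurrent().getSession().invalidate();
    }
}
```

Calling `isExpired` from a request-scoped hook and routing an expired session through `logout` keeps the local and provider sessions from outliving each other.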