invalidate web UI tokens after logout #3493

Open
Assignees
@aead

Description

Expected Behavior

After logging in using access credentials, the user is able to perform an explicit log-out.
This should invalidate the JWT token such that no other API operations are possible.

Current Behavior

After logout the user can still perform arbitrary API operations using their token. Hence, the token is not
invalidated.

Possible Solution

Console should issue a delete for the session token to MinIO when the user logs out.

Steps to Reproduce (for bugs)

  1. Log in to the web UI
  2. Copy the JWT token - e.g. via the developer console
  3. Issue a curl request (e.g. S3 GET) using the token

Context

Security
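
The behaviour reported above and the server-side revocation the proposed solution implies, as an added example that is not code from MinIO or Console. `Sessions`, its methods and the `<expiry>.<tag>` token format are hypothetical; the token is a simplified HMAC-signed string standing in for a JWT, and the key and clock values are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"strconv"
	"strings"
	"sync"
)

// Sessions is a hypothetical stand-in for web UI token handling, not MinIO code.
type Sessions struct {
	key     []byte
	revoked sync.Map // logged-out token -> expiry (Unix seconds), kept so entries can be pruned
}

// Issue returns "<expiry>.<tag>": a simplified HMAC-signed token, not real JWT encoding.
func (s *Sessions) Issue(exp int64) string {
	m := hmac.New(sha256.New, s.key)
	fmt.Fprintf(m, "%d", exp)
	return fmt.Sprintf("%d.%x", exp, m.Sum(nil))
}

// Stateless checks signature and expiry only, so a logout cannot change its answer.
func (s *Sessions) Stateless(tok string, now int64) (int64, bool) {
	exp, err := strconv.ParseInt(strings.SplitN(tok, ".", 2)[0], 10, 64)
	return exp, err == nil && hmac.Equal([]byte(s.Issue(exp)), []byte(tok)) && now < exp
}

// Logout records a still-valid token server-side until it would expire anyway.
func (s *Sessions) Logout(tok string, now int64) {
	if exp, ok := s.Stateless(tok, now); ok {
		s.revoked.Store(tok, exp)
	}
}

// Authorize is the stateless check plus the revocation lookup.
func (s *Sessions) Authorize(tok string, now int64) bool {
	_, ok := s.Stateless(tok, now)
	_, gone := s.revoked.Load(tok)
	return ok && !gone
}

func main() {
	s, now := &Sessions{key: []byte("constructed-demo-key")}, int64(1700000000)
	tok := s.Issue(now + 3600)
	s.Logout(tok, now)
	fmt.Println("after logout, with revocation lookup:", s.Authorize(tok, now))
}
```

`Logout` only stores tokens that still verify, so unauthenticated requests cannot grow the revocation set, and an entry is only needed until the token's own expiry.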
