#1 2013-12-31 10:20:03

skorpi
Member
Registered: 2013-12-31
Posts: 3

[0.84.3] Redirect after logout is insecure

We noticed that the redirect after logout is done with JavaScript. This is insecure in that it allows the previous page to be viewed with the back button even after the logout has been performed. Steps to recreate this are as follows:

1. Log out from GLPI

2. Disable JavaScript in the browser

3. Press the back button in the browser and you can view the page from the logged-in session

The correct way to do the redirect would be to use the HTTP Location header.

Offline
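
The fix suggested in the post above, as an added example (not part of the original post and not GLPI's own code): a PHP logout handler that ends the session on the server and redirects with a `Location` header, so the redirect does not depend on client-side script. `LOGIN_URL` and `logout_and_redirect()` are hypothetical names chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not GLPI code. LOGIN_URL is an assumed local path.
const LOGIN_URL = '/index.php';

function logout_and_redirect(string $target = LOGIN_URL): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Drop all server-side session data so the old session id is useless.
    $_SESSION = [];

    // Expire the session cookie in the browser as well.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
    }
    session_destroy();

    // Accept only a local path ("/x", not "//host" or "/\host") as the
    // target, so the logout endpoint cannot be used as an open redirect.
    if (!preg_match('#^/(?![/\\\\])#', $target)) {
        $target = LOGIN_URL;
    }

    // Redirect in the HTTP response itself. header() must run before any
    // output is sent; no HTML or script body is emitted after it.
    header('Location: ' . $target, true, 303);
    exit;
}

logout_and_redirect();
```

Whether the back button can still display earlier pages also depends on the cache headers those pages were served with, which this handler does not change.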
