Hi everyone,
I’m running into an issue with iTop where user logout does not fully invalidate the session. Even after a successful logout, the same session cookie can still be used to:
download attachments
access API endpoints
call web services
It seems the server-side session isn’t being destroyed, and the cookie remains valid until it naturally expires.
Has anyone experienced this or found a fix?
Any guidance would be appreciated.
Hi everyone,
I’m running into an issue with iTop where user logout does not fully invalidate the session. Even after a successful logout, the same session cookie can still be used to:
It seems the server-side session isn’t being destroyed, and the cookie remains valid until it naturally expires.
Has anyone experienced this or found a fix?
Any guidance would be appreciated.
Thanks!