Feedbackinfo not cleared after successful login #1795

Open
thijskh opened this issue Jan 28, 2025 · 0 comments
thijskh (Member) commented Jan 28, 2025

Error messages provide debug information in feedbackinfo, e.g. the SP entityID/name or IdP entityID/name involved.

These are stored in the user's session. After a successful login they are not cleared. This means that when an error occurs in a user's session at some point after they've already authenticated, one of two things happens:

  1. The feedbackinfo is overwritten with the new authentication in progress, so is (more or less) correct
  2. The error occurs at a point where (this part of) the feedbackinfo is not yet overwritten, so is misleading.

Possible solutions:

  • Clear feedbackinfo when completing an authentication successfully
  • When starting to register feedbackinfo, clear all existing fields first
  • Store feedbackinfo not globally but per request-id, so associated with the inflight authentications which are also stored separately in the session
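
The stale-field case and the per-request-id proposal from the issue above, as an added Python example that is not the project's code: the class names, the `sp`/`idp` fields, the request ids and the entityIDs are constructed for illustration.

```python
# Added illustration; every name here is hypothetical, not the project's API.

class GlobalFeedback:
    """Behaviour described in the issue: one feedback dict per session, never cleared."""
    def __init__(self):
        self.info = {}

    def record(self, request_id, **fields):
        self.info.update(fields)            # fields from earlier flows survive

    def complete(self, request_id):
        pass                                # nothing is cleared on successful login

    def for_error(self, request_id):
        return dict(self.info)


class PerRequestFeedback:
    """Third proposal: feedback keyed by request id, dropped when that flow succeeds."""
    def __init__(self):
        self.by_request = {}

    def record(self, request_id, **fields):
        self.by_request.setdefault(request_id, {}).update(fields)

    def complete(self, request_id):
        self.by_request.pop(request_id, None)   # clear on success, scoped to one flow

    def for_error(self, request_id):
        # Only fields recorded for the failing flow can reach the error page.
        return dict(self.by_request.get(request_id, {}))


def simulate(store):
    """Constructed scenario: login 1 succeeds, login 2 fails before its IdP is known."""
    store.record("req-1", sp="https://sp-a.example", idp="https://idp-a.example")
    store.complete("req-1")
    store.record("req-2", sp="https://sp-b.example")    # IdP not selected yet
    return store.for_error("req-2")


if __name__ == "__main__":
    print("global     :", simulate(GlobalFeedback()))
    print("per-request:", simulate(PerRequestFeedback()))
```

With the session-wide store, the error for the second login reports the first login's IdP next to the second login's SP; with the per-request store it reports only what was recorded for the failing request.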