Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-10566

Once a User Status is set to inactive, any sessions related to that user should be automatically destroyed

    Details

    • Type: Improvement
    • Status: Reopened
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 14.0.0-M14
    • Fix Version/s: None
    • Component/s: session
    • Labels:

      Description

      To Replicate

      1) Log into OpenAM as an administrator
      2) Create a new user (say user1)
      3) Log on to OpenAM as user1 (in a different browser)
      4) As an administrator go to subjects and change the User Status to "inactive"
      5) Click on Save
      6) Go back to user1 and attempt to modify the email address

      Expected Behaviour
      ________________
      Not allowed to perform any actions

      Actual Behaviour
      ______________

      User can modify the email address

      Further notes
      ___________

      If I look under sessions then user1 session is still present

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                edward.barker edwardb
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: