OpenAM / OPENAM-18171

Back-Channel logout keeps adding to trackingIds audit for every logout

    Details

    • AM Sustaining Sprint 88
    • 5

      Description

      Bug description

      When using Back-Channel logout, every time a user uses BCL, the audit entry contains all previous trackingIds from past logouts which means every new logout audit entry increases in size. Does the latest session audit entry need to refer to all trackingIds from past destroyed sessions - is this intentional?

      How to reproduce the issue

      1. Install AM
      2. Run the full Postman Collection
      3. Then run the second part of the collection a few times
      4. Check the audit logs using something like grep "AM-BACK-CHANNEL-LOGOUT" activity.audit.json and you'll notice the trackingIds array keeps getting added to.

      Expected behaviour

      The concern is that the audit log may grow to an unsustainable size with multiple users carrying out multiple logouts and that aside from the user, there is no link between the sessions.

      Current behaviour

      trackingIds entry keeps being added to indefinitely. It contains trackingIds from all previous logouts for that user.
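
      A check that goes one step beyond the grep in step 4, added here as an example and not taken from the issue or from OpenAM: it reads audit lines, keeps the AM-BACK-CHANNEL-LOGOUT events, and reports per user how the trackingIds array grows and how often an entry repeats every ID from that user's previous logout. It assumes activity.audit.json holds one JSON object per line in file order, with fields named eventName, userId and trackingIds; the sample lines are constructed.

```python
import json
from collections import defaultdict

EVENT = "AM-BACK-CHANNEL-LOGOUT"  # event name taken from the issue

# Constructed sample in JSON-lines form; the field names are assumptions.
SAMPLE_LOG = """\
{"eventName":"AM-BACK-CHANNEL-LOGOUT","userId":"demo","trackingIds":["t1"]}
{"eventName":"AM-SESSION-CREATED","userId":"demo","trackingIds":["t2"]}
{"eventName":"AM-BACK-CHANNEL-LOGOUT","userId":"demo","trackingIds":["t1","t2"]}
{"eventName":"AM-BACK-CHANNEL-LOGOUT","userId":"alice","trackingIds":["u1"]}
this line is truncated and is not valid JSON
{"eventName":"AM-BACK-CHANNEL-LOGOUT","userId":"demo","trackingIds":["t1","t2","t3"]}
{"eventName":"AM-BACK-CHANNEL-LOGOUT","userId":"alice","trackingIds":["u2"]}
"""

def logout_events(lines):
    """Yield parsed back-channel logout events, skipping blank or malformed lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict) and event.get("eventName") == EVENT:
            yield event

def tracking_id_growth(lines):
    """Per user: trackingIds count per logout entry, and entries that repeat all prior IDs."""
    report = defaultdict(lambda: {"sizes": [], "carried_over": 0})
    previous = {}
    for event in logout_events(lines):
        user = event.get("userId", "<unknown>")
        ids = set(event.get("trackingIds") or [])
        report[user]["sizes"].append(len(ids))
        # A strict superset of the user's previous entry means old session IDs were repeated.
        if user in previous and previous[user] < ids:
            report[user]["carried_over"] += 1
        previous[user] = ids
    return dict(report)

def affected_users(lines, min_repeats=2):
    """Users whose logout entries repeated earlier trackingIds at least min_repeats times."""
    growth = tracking_id_growth(lines)
    return sorted(u for u, r in growth.items() if r["carried_over"] >= min_repeats)

if __name__ == "__main__":
    for user, r in tracking_id_growth(SAMPLE_LOG.splitlines()).items():
        print(user, r["sizes"], "carried-over entries:", r["carried_over"])
```

      Run against a real log by passing open("activity.audit.json") to tracking_id_growth; after a fix, the sizes list for each user should stay flat instead of climbing.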

            People

            isaac.taylor Isaac Taylor
            aaron.haskins Aaron Haskins