Application does not clear previous requestor session details
The requirement is to clear the previous requestor session details when a new user logs in.
Steps to Reproduce
Consider two users, User A and User B:
- Log in with User A's Request ID.
- Use the browser Back button to navigate back to the login screen.
- Log in with User B's Request ID. User A's session details are displayed.
The cause is an issue in the custom application code or rules.
Perform the following local change:
- Disable the Back button.
- Add a link, 'Click to login'. On clicking the link, the previous user session is terminated.
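The following added example is not code from the application or its vendor. It reproduces the symptom from the steps above with a constructed in-memory session store, then shows a login handler that terminates the session the browser presented before creating a new one. All names (SessionStore, load_details, login_stale, login_clearing) are hypothetical, and reusing the old session via setdefault is only one assumed way the symptom can arise.

```python
import secrets

class SessionStore:
    """In-memory server-side session store keyed by an opaque session ID."""
    def __init__(self):
        self._sessions = {}

    def create(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def destroy(self, sid):
        self._sessions.pop(sid, None)


def load_details(request_id):
    # Constructed stand-in for the application's lookup of requestor data.
    return {"request_id": request_id, "details": f"details for {request_id}"}


def login_stale(store, sid, request_id):
    """Assumed faulty handler: the session the browser still holds is reused."""
    session = store.get(sid) if sid else None
    if session is None:
        sid = store.create()
        session = store.get(sid)
    # Only missing keys are filled in, so User A's data survives User B's login.
    for key, value in load_details(request_id).items():
        session.setdefault(key, value)
    return sid


def login_clearing(store, sid, request_id):
    """Terminate whatever session was presented, then start a fresh one."""
    if sid:
        store.destroy(sid)
    new_sid = store.create()  # new ID, so the old cookie value is useless
    store.get(new_sid).update(load_details(request_id))
    return new_sid


def displayed_request_id(store, sid):
    session = store.get(sid)
    return session["request_id"] if session else None
```

Because the old session is destroyed on the server at login, the result does not depend on whether the browser's Back button is available.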