rhtyd commented on issue #4136:
URL: https://github.com/apache/cloudstack/issues/4136#issuecomment-641710337


   The issue happens because from code we're unable to clear the HttpOnly
cookie [1]. This cookie can only be cleared by CloudStack (i.e. the server, not
the client), and the fix is to call the logout API (which Primate does as well)
when we get a 401 error on the first API we call to validate auth
(listCapabilities).
   
   [1] https://owasp.org/www-community/HttpOnly
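
The behaviour described in the comment above, as an added example that is not part of the original comment and is not CloudStack or Primate code: a small model of a browser cookie jar shows that a script write cannot expire an HttpOnly cookie, while the server's response to logout can. The `CookieJar` class, the `JSESSIONID` cookie name, the stand-in API function and the status codes returned for logout are assumptions made for the illustration.

```javascript
// Constructed model of a browser cookie jar; not CloudStack or Primate code.
class CookieJar {
  constructor() { this.cookies = new Map(); }

  // Set-Cookie on an HTTP response: the server may set or expire any cookie.
  setFromHttp(name, value, { httpOnly = false, maxAge = null } = {}) {
    if (maxAge !== null && maxAge <= 0) return this.cookies.delete(name);
    this.cookies.set(name, { value, httpOnly });
    return true;
  }

  // document.cookie write: browsers ignore it if the stored cookie is HttpOnly.
  setFromScript(name, value, { maxAge = null } = {}) {
    const old = this.cookies.get(name);
    if (old && old.httpOnly) return false;
    if (maxAge !== null && maxAge <= 0) return this.cookies.delete(name);
    this.cookies.set(name, { value, httpOnly: false });
    return true;
  }

  has(name) { return this.cookies.has(name); }
}

const SESSION_COOKIE = 'JSESSIONID'; // assumed name of the HttpOnly session cookie

// Hypothetical stand-in for the server: the session is already invalid there,
// but the browser still holds the stale cookie.
function makeExpiredSessionApi(jar) {
  return (command) => {
    if (command === 'listCapabilities') return { status: 401 };
    if (command === 'logout') {
      // Only the server's Set-Cookie can expire the HttpOnly cookie.
      jar.setFromHttp(SESSION_COOKIE, '', { httpOnly: true, maxAge: 0 });
      return { status: 200 };
    }
    return { status: 400 };
  };
}

// Client auth check: on 401 from listCapabilities, ask the server to log out.
function validateAuth(api, jar) {
  if (api('listCapabilities').status !== 401) return { state: 'authenticated' };
  const scriptCleared = jar.setFromScript(SESSION_COOKIE, '', { maxAge: 0 });
  const staleAfterScript = jar.has(SESSION_COOKIE); // still present
  api('logout');
  return { state: 'login-required', scriptCleared, staleAfterScript,
           staleAfterLogout: jar.has(SESSION_COOKIE) };
}
```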

