hdygxsj commented on code in PR #14743:
URL:
https://github.com/apache/dolphinscheduler/pull/14743#discussion_r1295341511
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/LoginController.java:
##########
@@ -160,4 +180,77 @@ public Result signOut(@Parameter(hidden = true)
@RequestAttribute(value = Consta
request.removeAttribute(Constants.SESSION_USER);
return success();
}
+
+ @DeleteMapping("cookies")
+ public void clearCookieSessionId(HttpServletRequest request,
HttpServletResponse response) {
+ Cookie[] cookies = request.getCookies();
+ for (Cookie cookie : cookies) {
+ cookie.setMaxAge(0);
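Review bot: `request.getCookies()` returns null when the request carries no cookies, so the `for` loop in `clearCookieSessionId` throws a NullPointerException for any client that calls `DELETE cookies` without one; add a null check before iterating. The loop also calls `cookie.setMaxAge(0)` on every cookie in the request, while the method name refers only to the session id, so consider matching on the session cookie's name and expiring only that one, leaving unrelated cookies untouched.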
Review Comment:
Yes, now with OAuth2 authorization, the back end will create the user using
the user information and return the sessionId. However, if a user tries to
log in as a local user before logging in with OAuth2, two sessionIds will be
generated in the cookie, and the sessionIds generated after OAuth2
authorization cannot overwrite the sessionIds generated, resulting in an
authorization failure. To sum up, before jumping to the OAuth2 authorization
page, we need to clear the current cookie.