  1. Chalmers
  2. CHAL-100

Users that are deleted or deactivated can stay logged in to FOLIO until their token expires (= for a VERY long time)


Details

    • Bug
    • Status: In Review
    • TBD
    • Resolution: Unresolved

    Description

      Overview:
      It seems that the login functionality takes neither user deletion nor deactivation status into consideration after the login has happened, leading to very long log-in sessions for users that should have lost their access to FOLIO.

      Steps to Reproduce:

      1. Using one browser, log in to FOLIO with user account A.
      2. Using another browser logged in as another user with the right permissions or by using an API call, either remove the user from FOLIO, or deactivate the user.

      Expected Results:
      The first browser session is terminated or the user is prevented from performing actions in FOLIO after a short amount of time.

      Actual Results:
      The user may stay logged in for months.
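
The gap described in this report, as an added example that is not part of the original issue and is not FOLIO code: a validator that checks only a token's signature and expiry keeps accepting a deactivated or deleted user, while one that also looks up the user's current state on each request rejects them. The token format, the in-memory user store and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed signing key for this example only

def issue(user_id, exp):
    """Hypothetical token: base64url(JSON claims) + '.' + hex HMAC-SHA256."""
    body = base64.urlsafe_b64encode(json.dumps({"sub": user_id, "exp": exp}).encode())
    return body.decode() + "." + hmac.new(SECRET, body, hashlib.sha256).hexdigest()

def verified_claims(token, now):
    """Return the claims if signature and expiry check out, else None."""
    try:
        body, sig = token.split(".")
        good = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, good):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
        return claims if isinstance(claims, dict) and claims["exp"] > now else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None

def accepts_token_only(token, now):
    """The reported behaviour: user state is never consulted after login."""
    return verified_claims(token, now) is not None

def accepts_with_user_check(token, now, users):
    """Per-request check: the subject must still exist and be active."""
    claims = verified_claims(token, now)
    if claims is None:
        return False
    user = users.get(claims.get("sub"))  # a deleted user is simply absent
    return bool(user and user["active"])

def demo():
    now = 1_700_000_000                      # constructed clock value
    users = {"user-a": {"active": True}, "user-b": {"active": True}}
    tokens = [issue(u, now + 90 * 86400) for u in ("user-a", "user-b")]
    users["user-a"]["active"] = False        # account A is deactivated
    del users["user-b"]                      # account B is deleted
    later = now + 3600                       # one hour after the change
    return {
        "token_only": [accepts_token_only(t, later) for t in tokens],
        "with_user_check": [accepts_with_user_check(t, later, users) for t in tokens],
    }

if __name__ == "__main__":
    print(demo())
```

A per-request lookup costs one user-store read per call; a short token lifetime combined with a refresh step that performs the same lookup bounds the exposure window instead.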

            People

              pwanninger Patty Wanninger
              ttolstoy Theodor Tolstoy