My Oracle Support Banner

Security Risk - No Logout Button To Terminate User Session (Doc ID 1297358.1)

Last updated on MARCH 15, 2019

Applies to:

Oracle Utilities Framework - Version 2.2.0.0.0 and later
Information in this document applies to any platform.

Goal


=== ODM Question ===
Security Risk observed due to no Logout Button supported by Framework, the user cannot terminate the session.
In CCB due to not having logout button in the application, any user can still use the existing application. That means closing the browser does not stop another user from using old session and querying the application.
Support Logout feature by adding logout button in the Main Page and also change the Login authentication auth type from ‘BASE’ to ‘FORM in web.xml.
By default the logout button is not displayed but when user sets the property to true then the logout button is displayed in the application.

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.