Remove state cookie from browser upon cancelling a login attempt #771

varkychen · 2022-01-19T08:47:33Z

varkychen
Jan 19, 2022

We use an Apache reverse proxy (with mod_auth_openidc plugin) and PingFed to federate logins to our application. One of the IdPs PingFed federates with is a custom email based login mechanism for Users to register and access our application. Each login attempt is tracked by a state cookie. How can we instruct the reverse proxy (via Pingfed) to remove the state cookie if the user cancels the login attempt ?

Can the application (directly or via PingFed) request the reverse proxy to tear-down the login attempt ? Something on the lines of a logout URL using the state parameter value passed in to exactly match the login attempt ?

varkychen · 2022-01-22T06:37:13Z

varkychen
Jan 22, 2022
Author

Can we tear-down the login attempt by calling a url like /callback?error=login_required&state=akicbnaw&error_uri=https://google.com on the reverse proxy ?

1 reply

zandbelt Jan 22, 2022
Maintainer

yes, that should work

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Remove state cookie from browser upon cancelling a login attempt #771

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Remove state cookie from browser upon cancelling a login attempt #771

Uh oh!

Uh oh!

varkychen Jan 19, 2022

Replies: 1 comment · 1 reply

Uh oh!

varkychen Jan 22, 2022 Author

Uh oh!

zandbelt Jan 22, 2022 Maintainer

varkychen
Jan 19, 2022

Replies: 1 comment 1 reply

varkychen
Jan 22, 2022
Author

zandbelt Jan 22, 2022
Maintainer