Comments (5)
@AndersAbel Is there a good way to reproduce this issue in a test? The bug makes sense at the level of the code path within IdentityServerTools, but I don't see how we would invoke that through "normal" operations. The only way I can think of making this happen is, invoke the session management service from the UI, and don't pass the session identifier into the context object that you need to pass to the service.
from identityserver.
I pulled this forward from 6.3.6 to a new 6.3.7 milestone (since 6.3.6 is already released). Unfortunately the fix will require a breaking change, so should we push it to v7?
from identityserver.
This is customer reported. They had to rollback to a previous version because of this. We need to coordinate with them if they can wait until v7.
from identityserver.
PR merged.
from identityserver.
For future reference, we merged because we found an approach that would not be as disruptive, and because this is a bug fix.
from identityserver.
Related Issues (20)
- CryptographicException while calling /.well-known/openid-configuration (.NET 8) HOT 14
- Check for empty ClientIds and Types collections in PersistedGrantFilter HOT 2
- Rewrite LicenseValidator.ValidateClient to not use ConcurrentDictionary HOT 1
- Consider post-quantum cryptography sample
- Consider allowing customization of PromptValuesSupported
- Consider allowing multiple IEventSink registrations HOT 2
- Investigate support for X509 Certs and EC Keys HOT 1
- Add logging when DistributedCacheStateDataFormatter returns null HOT 6
- Let EF migrations create default table names
- GetIdentityServerRelativeUrl should take into account when IdentityServer is running at a subpath HOT 1
- Claim Issuer not persisted when using Server Side Sessions HOT 3
- Infinite loop when max_age=0
- IdentityServer Error LogLevel HOT 1
- Identity Server Login and Logout Localization Limitations HOT 6
- Add server side session support for the external cookie scheme HOT 2
- Cookie Expiration with Serverside sessions doesn't revoke tokens
- Consider lowering the ClockSkew in TokenValidator
- Consider letting redirect url respect response_mode after receiving invalid request on authorization endpoint
- Consider extensibility point for sub/sid validation during endsession HOT 1
- Consider adding strict license check for features in dev/test
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from identityserver.