Android Box SSO not logging out #379
Labels
Comments
|
The logout will only work on currently logged in accounts. However the
webview will cache sso credentials for some time by default. The sdk should
be clearing on disk cache, but the OS could keep something in memory. Does
killing the app and restarting not log you in?
…On Sun, Jul 8, 2018, 10:20 AM BoyHasNnoName ***@***.***> wrote:
Hi Team,
Recently we found an issue that, BoxSession.logout() api is not clearing
the SSO cache. User can able to access the box files using SSO even though
he logged out from Box. Could you let us know your comments?
1. Login Box using SSO
2. Enter email -> Submit -> Enter Username/Password -> Authentication
success -> Able to access files
3. Logout Box using BoxSession.logout() -> Login again using SSO ->
Enter Email -> Submit -> Entering into Box Files activity without asking
the user credentials.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#379>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAmHYkhv7S3XgAcCeuGymoHiPWbu7RKaks5uEj9vgaJpZM4VGzPV>
.
|
|
Killing the app and restarting works fine as expected but when i logout and login again SSO authentication is not asking for credentials. is there any api for android to clear the whole cache from device? |
|
You can try clearing cookies like this, there are side effects if you have
other webviews.
CookieSyncManager.createInstance(this); CookieManager
cookieManager = CookieManager.getInstance();
cookieManager.removeAllCookies(ValueCallback);
…On Sun, Jul 8, 2018, 8:06 PM BoyHasNnoName ***@***.***> wrote:
Killing the app and restarting works fine as expected but when i logout
and login again SSO authentication is not asking for credentials. is there
any api for android to clear the whole cache from device?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#379 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAmHYtGt7Ncmz6Hd-Gee0y4xNgZYrk2oks5uEsiugaJpZM4VGzPV>
.
|
|
Clearing cookies is not helping out. Still user can able to login without authentication after logout and clearing cookies. |
|
@BoyHasNoName Are you still running into this issue? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi Team,
Recently we found an issue that, BoxSession.logout() api is not clearing the SSO cache. User can able to access the box files using SSO even though he logged out from Box. Could you let us know is there any api for clearing chaches?
The text was updated successfully, but these errors were encountered: