Opened 3 years ago
Last modified 3 years ago
#49258 new enhancement
Improper Session Termination
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | 5.1.1 |
| Component: | Users | Keywords: | has-patch needs-testing |
| Focuses: | administration | Cc: |
Description
After Logout into wordpress back-end when we press “Back” button of the browser an authenticated page got displayed without entering any valid credentials.
Change History (5)
#3
in reply to:
↑ 2
@
3 years ago
The Clear-Site-Data header clears browsing data (cookies, storage, cache) associated with the requesting website. It allows web developers to have more control over the data stored locally by a browser for their origins.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data
The function wp_logout in pluggable.php should send the header:
header('Clear-Site-Data:"*"');
This ticket was mentioned in PR #457 on WordPress/wordpress-develop by khag7.
3 years ago
#4
- Keywords has-patch added
Trac ticket:
Note: See
TracTickets for help on using
tickets.
Shameless self-plug to a plugin I have put together that helps mitigate this with Clear-Site-Data HTTP header: https://wordpress.org/plugins/clear-logout/