Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-136404

OIDC authentication session should be managed separately from OIDC session

    Details

      Description

      During OIDC authentication, there are some values required to be stored in session, however these values are not needed for checking if user is logged in OIDC in later use.

      Current OIDC implementation store these temp session values along with other session values that needed for checking user login status, in the same session object, resulting in:
      1. More in memory storage usage unnecessarily.
      2. Coupled code structure makes it difficult to extend coming feature, e.g. LPS-124898

      This ticket is about to differentiate the two types of session values:
      1. Session values needed only for authentication.
      2. Session values needed for checking user login status.

        Attachments

          Issue Links

          There are no Sub-Tasks for this issue.

            Activity

              People

              Assignee:
              zsigmond.rab Zsigmond Rab
              Reporter:
              arthur.chen Arthur Chen
              Engineering Assignee:
              Arthur Chen
              Recent user:
              Enterprise Release HU
              Participants of an Issue:
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Packages

                  Version Package
                  7.3.X
                  7.4.13 DXP GA1
                  Master