Hello,

I came across this cookie recently when I noticed weird CAS behavior on 
logout. Sometimes CAS would attempt to do a logout via the delegated 
authentication client (Azure/Entra), despite the fact that the user was 
using database authentication.

From what I can tell, this is due to the presence of the 
DISSESSIONAuthnDelegation cookie, which is set when logging in via 
Azure/Entra delegated authentication and contains a JWT. However, the 
associated logout is not clearing this cookie.

I was able to track its creation to 
DelegatedAuthenticationEventExecutionPlanConfiguration.java but I cannot 
find any mention of it in the docs. The cookie cannot be deleted with 
JavaScript since it's set to http-only and I cannot find any CAS configs 
that would facilitate its removal upon logout.

Any info would be appreciated.
