Release date for 3.1.0

Cantor, Scott cantor.2 at
Thu Mar 5 14:57:30 EST 2020

> The SP looks up the session based on the NameID alone. The cookie is cross
> checked if it's there but not if it isn't.

It occurred to me when logging into something with a SameSite bug that what you really meant is that you're not doing a SAML logout. The proprietary endpoint should never be used by an IdP but if you're misusing it
 to do a logout remotely, yes, it does require the cookie there for obvious reasons.

-- Scott

More information about the users mailing list