Bug 357102

Summary: Microsoft Outlook/OWA logout bypassed by pressing back button repeatedly
Product: [Applications] konqueror Reporter: oxitech <oxitech>
Component: khtmlAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED NOT A BUG    
Severity: normal    
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: RedHat Enterprise Linux   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description oxitech 2015-12-23 14:52:44 UTC 
When testing Microsoft Outlook Web Access i pressed logout. Consequently i pasted ( accidently ) the url as in https://webmail.com/owa/ into the adressbar and pressed enter. To my amazement i was logged on to outlook webmail again.

Reproducible: Always

Steps to Reproduce:
1. Logon to Outlook Webmail, press Logout/Signout ("Afmelden" in Dutch)
2. Refresh ... close the tab 
3. Keep pressing the back button, you're now in OWA again ... OR ... open a new tab and copy/past the URL like /owa and same result.


Expected Results:  
Login screen
Comment 1 oxitech 2015-12-23 14:55:03 UTC 
Konqueror version reported 4.10.5 on RHEL7/7.1
Comment 2 oxitech 2015-12-23 21:59:55 UTC 
This is reportedly due to the OWA service and how it works with some authentication services.
Comment 3 oxitech 2015-12-23 22:07:19 UTC 
See for reference ... https://support.microsoft.com/en-us/kb/927907
Comment 4 oxitech 2015-12-23 22:08:24 UTC 
set to resolved, validated to not be browser specific
Comment 5 oxitech 2015-12-23 22:08:46 UTC 
set to resolved, validated to not be browser specific