Skip to content

Commit

Permalink
Merge pull request #378 from Ranj101/patch-2
Browse files Browse the repository at this point in the history
Fixes wording error
  • Loading branch information
josephdecock authored Nov 28, 2023
2 parents 1ec3553 + 040244d commit c31aaf6
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 4 deletions.
4 changes: 2 additions & 2 deletions IdentityServer/v5/docs/content/ui/logout/session_cleanup.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,9 @@ Typically you should prompt the user to logout which requires a POST to remove t
Otherwise an attacker could hotlink to your logout page causing the user to be automatically logged out.
This means you will need a page to prompt the user to logout.

If a *logoutId* is passed to the login page and the returned *LogoutRequest*'s *ShowSignoutPrompt* is *false* then it is safe to skip the prompt.
If a *logoutId* is passed to the logout page and the returned *LogoutRequest*'s *ShowSignoutPrompt* is *false* then it is safe to skip the prompt.
This would occur when the logout page is requested due to a validated client initiated logout via the [end session endpoint]({{<ref "/reference/endpoints/end_session">}}).
Your logout page process can continue as if they user submitted the post back to logout, in essence calling *SignOutAsync*.
Your logout page process can continue as if the user submitted the post back to logout, in essence calling *SignOutAsync*.

### External Logins

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ Typically you should prompt the user to logout which requires a POST to remove t
Otherwise an attacker could hotlink to your logout page causing the user to be automatically logged out.
This means you will need a page to prompt the user to logout.

If a *logoutId* is passed to the login page and the returned *LogoutRequest*'s *ShowSignoutPrompt* is *false* then it is safe to skip the prompt.
If a *logoutId* is passed to the logout page and the returned *LogoutRequest*'s *ShowSignoutPrompt* is *false* then it is safe to skip the prompt.
This would occur when the logout page is requested due to a validated client initiated logout via the [end session endpoint]({{<ref "/reference/endpoints/end_session">}}).
Your logout page process can continue as if the user submitted the post back to logout, in essence calling *SignOutAsync*.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ Typically you should prompt the user to logout which requires a POST to remove t
Otherwise an attacker could hotlink to your logout page causing the user to be automatically logged out.
This means you will need a page to prompt the user to logout.

If a *logoutId* is passed to the login page and the returned *LogoutRequest*'s *ShowSignoutPrompt* is *false* then it is safe to skip the prompt.
If a *logoutId* is passed to the logout page and the returned *LogoutRequest*'s *ShowSignoutPrompt* is *false* then it is safe to skip the prompt.
This would occur when the logout page is requested due to a validated client initiated logout via the [end session endpoint]({{<ref "/reference/endpoints/end_session">}}).
Your logout page process can continue as if the user submitted the post back to logout, in essence calling *SignOutAsync*.

Expand Down

0 comments on commit c31aaf6

Please sign in to comment.