openid / connect / issues / #35 - Session - 3.2 Session Management Endpoints: GET or POST? — Bitbucket

Issue #35 resolved

OpenID Foundation repo owner created an issue 2011-09-06

The text says:

{{{ Authorization servers MUST support the use of the HTTP "GET" method as define in RFC 2616 }}}

(besides the typo: s/define/defined/) Do we really want it to support "GET"? Would it not leak the session? Should it not be POST?

Comments (4)

Nat Sakimura
- changed status to open
Make at least POST required.
- 2011-09-06T22:43:47+00:00
John Bradley
- assigned issue to
  
  John Bradley
Session management under review.
- 2011-10-06T21:54:20+00:00
John Bradley
- changed status to on hold
Session management is on hold
- 2011-11-03T22:29:21+00:00
Michael Jones
- changed status to resolved
This issue is almost certainly defunct, because the spec has been rewritten. John, if you believe there is still an issue, please reopen and add comments.
- 2013-01-24T16:01:55+00:00
Log in to comment

Assignee: John Bradley

Type: proposal

Priority: major

Status: resolved

Component: –

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!