Power Pages - Power Apps Portals
Unanswered

Session cookie not invalidated in logout


Hello,

I am running into a security issue in my Power Apps Portal application. I have users with different permissions, and I did the following test:

1. I signed in with an administrator user

2. I copied the session cookie

3. I logged out the administrator user

4. I signed in with another user with fewer privileges.

5. With a local proxy, I changed the session cookie of the less privileged user

6. I have administrator privileges now.

As I have seen, when I log out the administrator user, the response has a Set-Cookie header, but this header is empty, and the session cookie is not invalidated.

Is there a way to invalidate a session cookie when the user uses the logout function?

Thank you,

Best regards
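
An added illustration, not part of the original post and not Power Pages code: a generic signed-cookie scheme showing why a cookie value saved before logout keeps working when the server only clears the browser's copy, and how a server-side stamp check rejects it. All names here (`stamps`, `login`, `verify`, `logout`, `cookie_survives_logout`) are hypothetical, and the key and users are constructed for the demo.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)   # server-side signing key (constructed for the demo)
stamps = {}                     # user -> current stamp; hypothetical server-side table


def _sign(payload):
    return hmac.new(KEY, payload.encode(), hashlib.sha256).hexdigest()


def login(user):
    """Issue a self-contained cookie value: user|stamp|mac."""
    stamp = stamps.setdefault(user, secrets.token_hex(8))
    payload = f"{user}|{stamp}"
    return f"{payload}|{_sign(payload)}"


def verify(cookie, check_stamp):
    """Return the user the cookie authenticates, or None if it is rejected."""
    try:
        user, stamp, mac = cookie.split("|")
    except ValueError:
        return None
    if not hmac.compare_digest(mac, _sign(f"{user}|{stamp}")):
        return None                       # tampered or forged value
    if check_stamp and stamps.get(user) != stamp:
        return None                       # issued before the last logout
    return user


def logout(user):
    """Rotate the stamp (ends all of this user's sessions), then clear the browser copy."""
    stamps[user] = secrets.token_hex(8)
    return "Set-Cookie: session=; Max-Age=0; Path=/; Secure; HttpOnly"


def cookie_survives_logout(check_stamp):
    """Regression check: is a cookie value saved before logout still accepted after?"""
    saved = login("admin")                # value kept from the first session
    logout("admin")
    login("basic_user")                   # a different account signs in afterwards
    return verify(saved, check_stamp) == "admin"
```

With `check_stamp=False` the server trusts the signature alone, so the saved value is still accepted after logout; with `check_stamp=True` it is rejected. The same check can be run against a real deployment as a post-logout regression test.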
