From d595fd2d57a95b1bab4adcd3de5bd1e7978515c2 Mon Sep 17 00:00:00 2001
From: Court Ewing <court@epixa.com>
Date: Tue, 20 Nov 2018 15:51:41 -0500
Subject: [PATCH] Do not store session cookie when using basic auth headers

---
 .../security/server/lib/authentication/providers/basic.js       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/x-pack/plugins/security/server/lib/authentication/providers/basic.js b/x-pack/plugins/security/server/lib/authentication/providers/basic.js
index f0b16e35f3cf73..99780b32a88c9e 100644
--- a/x-pack/plugins/security/server/lib/authentication/providers/basic.js
+++ b/x-pack/plugins/security/server/lib/authentication/providers/basic.js
@@ -148,7 +148,7 @@ export class BasicAuthenticationProvider {
 
       this._options.log(['debug', 'security', 'basic'], 'Request has been authenticated via header.');
 
-      return AuthenticationResult.succeeded(user, { authorization });
+      return AuthenticationResult.succeeded(user);
     } catch(err) {
       this._options.log(['debug', 'security', 'basic'], `Failed to authenticate request via header: ${err.message}`);
       return AuthenticationResult.failed(err);