[Bug]: Logout does not clear session token when using auth headers to login #2747
Comments
|
@deathblade666 which session token are you referring to? The user-token in the browser is removed, but if you are using a third party auth provider, we aren't clearing their session tokens. Which might result in an automatic re-login. |
That makes sense, yeah that's probably it honestly unsure how to tell which is which just noticed the token is still there and it autologins back in as soon as I try to logout. Based on your in-out its probably the thrid party token (I use authentik) that's not clearing. |
Yeah, it looks might be an issue with authentik's sign out methods |
|
I'm going to go ahead and close this bug. But if someone wants to add a feature that makes this easier to implement a workaround for, please go ahead and open a feature request/PR. We aren't going to accept something that is tied to a particular provider, but I could see us accepting a change that adds one more network request from the frontend to the backend on logout. (that in the future could be used to invalidate backend tokens). Similar to login, users of authetic and a proxy in front of the backend could then take their own custom actions while proxying that logout route. |
Verified issue does not already exist?
What happened?
Setup HTTP Auth header login, pressed logout to end the session, it immediately logs back in as the session token doesnt cleared
Where are you hosting Actual?
Docker
What browsers are you seeing the problem on?
Firefox, Chrome
Operating System
Linux
The text was updated successfully, but these errors were encountered: