Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Logout does not work as expected #756

Closed
adrienjoly opened this issue Dec 29, 2023 · 6 comments
Closed

Logout does not work as expected #756

adrienjoly opened this issue Dec 29, 2023 · 6 comments
Labels
bug

Comments

@adrienjoly
Copy link
Member

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

  • OS: [e.g. iOS]
  • Browser [e.g. chrome, safari]
  • Version [e.g. 22]

Smartphone (please complete the following information):

  • Device: [e.g. iPhone6]
  • OS: [e.g. iOS8.1]
  • Browser [e.g. stock browser, safari]
  • Version [e.g. 22]

Additional context
Add any other context about the problem here.
@adrienjoly
Copy link
Member Author

After logging out, it appears that I'm still legged in.

Going to /login shows the Auth0 login screen, so it seems that Auth0 sees me as logged out, by not openwhyd.

I thought that is was caused by 8356517, but reverting that commit didn't fix the problem.

@adrienjoly adrienjoly added the bug label Dec 29, 2023
@adrienjoly
Copy link
Member Author

adrienjoly commented Dec 29, 2023
edited

Note:

  • just before that, it appeared that I was logged out, but had to go to the login page to see that I was logged in.
  • and I also went to the /register page, which redirected me to my openwhyd hompege (as I was already logged in), but sent me a "welcome" email. => don't sent "welcome" email when logging in thru /register #757

adrienjoly pushed a commit that referenced this issue Dec 29, 2023
@semantic-release-bot
chore(release): 1.59.8 [skip ci]
ae1de06 
## [1.59.8](v1.59.7...v1.59.8) (2023-12-29)

### Bug Fixes

* **auth:** logout local session after auth0 logout ([6e7299d](6e7299d)), closes [#756](#756)
* comments ([21c0f23](21c0f23))
* **env:** no need to expose local db, assuming that users were uploaded to auth0 "dev" tenant's db ([31b1019](31b1019))
* **env:** typo on required env var: `AUTH0_CLIENT_SECRET` ([eb54506](eb54506))
* **makefile:** `docker-seed` to start services ([998607b](998607b))
* **makefile:** `make dev` to start openwhyd against "dev" auth0 tenant ([4a1ae82](4a1ae82))
@adrienjoly adrienjoly reopened this Dec 29, 2023
@adrienjoly
Copy link
Member Author

Logout works as expected on localhost, against "dev" Auth0 tenant, but still not in production.

@adrienjoly
Copy link
Member Author

adrienjoly commented Dec 29, 2023
edited

Update: logout worked in prod after "clearing site data" of openwhyd.org, using chrome dev tools.

=> no more whydSid cookie (amongst others)

How to fix?

  • remove/toggle references to whydUid (it's still useful for analytics / logging)
  • remove/toggle references to whydSid
  • remove/toggle references to request.session
  • remove/toggle references to req.session
  • remove/toggle references to express-session
  • remove/toggle references to connect-mongo

adrienjoly added a commit that referenced this issue Dec 29, 2023
@adrienjoly
fix(auth): make sure that request.session is defined, even if auth0…
79523d9 
… is used

contributes to #756.
adrienjoly added a commit that referenced this issue Dec 29, 2023
@adrienjoly
fix(auth): make sure that whydUid is cleared after logout from Auth0
9ab6305 
contributes to #756.
adrienjoly pushed a commit that referenced this issue Dec 29, 2023
@semantic-release-bot
chore(release): 1.59.9 [skip ci]
f4a3baf 
## [1.59.9](v1.59.8...v1.59.9) (2023-12-29)

### Bug Fixes

* **auth:** make sure that `request.session` is defined, even if auth0 is used ([79523d9](79523d9)), closes [#756](#756)
* **auth:** make sure that `whydUid` is cleared after logout from Auth0 ([9ab6305](9ab6305)), closes [#756](#756)
adrienjoly added a commit that referenced this issue Dec 29, 2023
@adrienjoly
fix(auth): make sure that legacy auth/session middleware is not initi…
1ada22f 
…alize alongside Auth0

contributes to #756.
adrienjoly pushed a commit that referenced this issue Dec 29, 2023
@semantic-release-bot
chore(release): 1.59.10 [skip ci]
66a399e 
## [1.59.10](v1.59.9...v1.59.10) (2023-12-29)

### Bug Fixes

* **auth:** make sure that legacy auth/session middleware is not initialize alongside Auth0 ([1ada22f](1ada22f)), closes [#756](#756)
@adrienjoly
Copy link
Member Author

This commit also contributes to fixing this issue: 25e5e65

@adrienjoly
Copy link
Member Author

References, if the issue re-appears:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@adrienjoly