You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you've chosen to "Stay signed in" when first logging in to RStudio Server, you can never sign out again after the first time you close all browsers. (If you sign out before exiting the browser app, signout will be successful.)
To reproduce:
Make sure you're logged out of RStudio
Log in to RStudio with "Stay signed in" checked
Close all browser windows
Open a browser window and visit RStudio. You will be automatically logged in.
--> 5a) Click on the signout icon in the upper right hand corner
or
--> 5b) Click on the "R" logo on the upper right to get to the home page, then click on the signout icon in the upper right hand corner
This takes you to the page "auth-sign-out" with the error
Missing or incorrect token.
The only way to sign out at this point is to clear cookies.
RSP 1.1.374 on Ubuntu (Xenial), CentOS, and openSUSE.
The text was updated successfully, but these errors were encountered:
jmcphers
changed the title
Can't sign out from RSP if "Stay signed in" is checked when first logging in
Can't sign out from RStudio Server if "Stay signed in" is checked when first logging in
Oct 2, 2017
Another method for signing out—in addition to clearing out cookies—is to point the browser at the “auth-sign-in” page: <RStudio_Server_URI:port>/auth-sign-in
I'm surprised no one's reported this since the issue also exists in 1.0 (and has ever since we added CSRF protection). Fix is pretty simple, and presuming it performs well it's a candidate for backporting.
Fixes an issue in which opening a new browser window can cause you to
lose your CSRF token cookie (and therefore lose access to CRSF-guarded
pages such as signout), since this cookie had no expiration and was
therefore treated as a session cookie.
If you've chosen to "Stay signed in" when first logging in to RStudio Server, you can never sign out again after the first time you close all browsers. (If you sign out before exiting the browser app, signout will be successful.)
To reproduce:
--> 5a) Click on the signout icon in the upper right hand corner
or
--> 5b) Click on the "R" logo on the upper right to get to the home page, then click on the signout icon in the upper right hand corner
This takes you to the page "auth-sign-out" with the error
Missing or incorrect token.
The only way to sign out at this point is to clear cookies.
RSP 1.1.374 on Ubuntu (Xenial), CentOS, and openSUSE.
The text was updated successfully, but these errors were encountered: