Defect #10416

Cannot Logout

Added by Mom Cleomora over 10 years ago. Updated over 8 years ago.

Status: Closed
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: -
Resolution: Cant reproduce
Affected version:

Description

I've just upgraded to 1.3.1; everything works fine except I cannot log out.
It seems similar to #9840 and #9118, but I could not solve it with the same solutions.

About my application's environment,
Ruby version 1.8.7 (i686-linux)
RubyGems version 1.4.2
Rack version 1.1
Rails version 2.3.14
Active Record version 2.3.14
Active Resource version 2.3.14
Action Mailer version 2.3.14
Active Support version 2.3.14
Application root /home/jcit/rails_apps/redmine13
Environment production
Database adapter mysql

History

#1 Updated by Jean-Philippe Lang over 10 years ago

except I cannot log out

More details please.

#2 Updated by Mom Cleomora over 10 years ago

Thank you so much for asking.

It still keeps me in logged-in status after I click on Sign out.
This means that once I have logged in, there is no way to log out other than deleting the browser's cookie manually.

http://doraemon.phsaez.com
ID/pass: guest/guest

Regards,

#3 Updated by Jean-Philippe Lang over 10 years ago

  • Resolution set to Cant reproduce

The Set-Cookie header is broken when I try to log out from http://doraemon.phsaez.com.

I get:

Set-Cookie: autologin=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT_redmine_session=xxx--xxx; path=/; HttpOnly

I should get:

Set-Cookie: autologin=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _redmine_session=xxx--xxx; path=/; HttpOnly

I found a similar issue reported here: http://rubyforge.org/pipermail/mongrel-unicorn/2011-June/001001.html

It doesn't seem to be a Redmine issue but a rack/http server issue.
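
An added example, not part of the thread and not Redmine code: a Ruby check for the failure shown in comment #3, where one Set-Cookie value carries a second cookie directly after the `expires` date, so a client only ever sees the first cookie. The function names and the expected-cookie list are assumptions; the broken value is the one quoted above.

```ruby
# Added example (not Redmine code): audit the Set-Cookie values of a logout
# response for two cookies run together into one header value.

# Cookie date as it appears in the thread, e.g. "Thu, 01-Jan-1970 00:00:00 GMT".
COOKIE_DATE = /[A-Z][a-z]{2}, \d{2}[- ][A-Z][a-z]{2}[- ]\d{4} \d{2}:\d{2}:\d{2} GMT/

# Split one Set-Cookie value wherever an expires date is followed directly by
# more text instead of ";" or end of value. A well-formed value comes back whole.
def split_set_cookie(value)
  parts = []
  rest = value.strip
  while (m = rest.match(/expires=#{COOKIE_DATE}(?=[^;\s])/i))
    parts << rest[0...m.end(0)]
    rest = rest[m.end(0)..-1]
  end
  parts << rest unless rest.empty?
  parts
end

# Name a client would take from a header value (text before the first "=").
def cookie_name(value)
  value.split("=", 2).first.strip
end

# headers:  array of Set-Cookie values as received by the client.
# expected: cookie names the logout response is supposed to set (assumption).
def audit_logout(headers, expected)
  seen     = headers.map { |h| cookie_name(h) }
  intended = headers.flat_map { |h| split_set_cookie(h) }.map { |c| cookie_name(c) }
  { :merged   => headers.any? { |h| split_set_cookie(h).size > 1 },
    :seen     => seen,      # cookies the client actually receives
    :intended => intended,  # cookies the application meant to send
    :missing  => expected - seen }
end

# Constructed input: the broken value quoted in the thread, and a well-formed pair.
BROKEN = ["autologin=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT_redmine_session=xxx--xxx; path=/; HttpOnly"]
FIXED  = ["autologin=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT",
          "_redmine_session=xxx--xxx; path=/; HttpOnly"]
EXPECTED = %w[autologin _redmine_session]

if __FILE__ == $0
  p audit_logout(BROKEN, EXPECTED)
  p audit_logout(FIXED, EXPECTED)
end
```
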

#4 Updated by Mom Cleomora over 10 years ago

I see. I am following the thread. It seems that a newer version of Rails does not handle multiple cookies correctly.

Now that I've disabled Autologin, I still cannot log out.
Is this also the same broken-cookie issue?

#5 Updated by Mom Cleomora over 10 years ago

  • Status changed from New to Resolved

Temporarily solved with a hard-coded workaround.

#6 Updated by Dominik Fuchshofer over 10 years ago

Could you please post the workaround?

#7 Updated by Mom Cleomora over 10 years ago

First of all, let me say I don't know about Ruby.

What I did was move this line --> self.logged_user = nil in account_controller.rb to make sure it is called when the user logs out.

Redmine1.3.1/app/controllers/account_controller.rb (after modification)

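  def logout_user
    # Moved to the top so it runs on every logout (the workaround described above).
    self.logged_user = nil
    # Assumption: if logged_user= also resets User.current to the anonymous user,
    # this condition is now false and the autologin cleanup below is skipped.
    if User.current.logged?
      cookies.delete :autologin
      Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
    end
  end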

Please look into this file, I guess it relates to the login/logout behavior.

#8 Updated by Jan Niggemann (redmine.org team member) over 8 years ago

  • Status changed from Resolved to Closed
