Defect #10416
closed
Cannot Logout
0%
Description
I've just upgraded to 1.3.1, everything works fine except I cannot Logging out.
It seems similar to #9840, #9118 but I could not solve with same solutions.
About my application's environment,
Ruby version 1.8.7 (i686-linux)
RubyGems version 1.4.2
Rack version 1.1
Rails version 2.3.14
Active Record version 2.3.14
Active Resource version 2.3.14
Action Mailer version 2.3.14
Active Support version 2.3.14
Application root /home/jcit/rails_apps/redmine13
Environment production
Database adapter mysql
Updated by Jean-Philippe Lang about 12 years ago
except I cannot Logging out
More details please.
Updated by Mom Cleomora about 12 years ago
Thank you so much for asking.
It still keeps me in logged-in status after I clicked on Sign out.
This means, once I Logged in there is no way to log out other than deleting browser's cookie manually.
http://doraemon.phsaez.com
ID/pass: guest/guest
Regards,
Updated by Jean-Philippe Lang about 12 years ago
- Resolution set to Cant reproduce
The Set-Cookie header is broken when I try to logout from http://doraemon.phsaez.com.
I get:
Set-Cookie: autologin=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT_redmine_session=xxx--xxx; path=/; HttpOnly
I should get:
Set-Cookie: autologin=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT_ Set-Cookie: redmine_session=xxx--xxx; path=/; HttpOnly
I found a similar issue reported here: http://rubyforge.org/pipermail/mongrel-unicorn/2011-June/001001.html
It doesn't seem to be a Redmine issue but a rack/http server issue.
Updated by Mom Cleomora about 12 years ago
I see. I am following the thread. It seems that newer version of rail does not handle multiple cookies correctly.
Now I've disabled the Autologin, I still cannot logout.
Is this also same cookie broken issue?
Updated by Mom Cleomora about 12 years ago
- Status changed from New to Resolved
temporarily solved with hard code work around.
Updated by Dominik Fuchshofer almost 12 years ago
Could you please post the workaround?
Updated by Mom Cleomora almost 12 years ago
First of all let me say I don't know about ruby.
What I did is, moved this line --> self.logged_user = nil in account_controller.rb to make sure it is called when user logout.
Redmine1.3.1/app/controllers/account_controller.rb (After modified)
def logout_user
self.logged_user = nil
if User.current.logged?
cookies.delete :autologin
Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
end
end
Please look into this file, I guess it relates to the login/logout behavior.
Updated by Jan Niggemann (redmine.org team member) over 9 years ago
- Status changed from Resolved to Closed