Defect #10416
closed
Added by Mom Cleomora almost 13 years ago.
Updated over 10 years ago.
Resolution:
Cant reproduce
Description
I've just upgraded to 1.3.1; everything works fine except I cannot log out.
It seems similar to #9840, #9118 but I could not solve it with the same solutions.
About my application's environment,
Ruby version 1.8.7 (i686-linux)
RubyGems version 1.4.2
Rack version 1.1
Rails version 2.3.14
Active Record version 2.3.14
Active Resource version 2.3.14
Action Mailer version 2.3.14
Active Support version 2.3.14
Application root /home/jcit/rails_apps/redmine13
Environment production
Database adapter mysql
except I cannot log out
More details please.
Thank you so much for asking.
It still keeps me in logged-in status after I clicked on Sign out.
This means that once I have logged in, there is no way to log out other than deleting the browser's cookie manually.
http://doraemon.phsaez.com
ID/pass: guest/guest
Regards,
- Resolution set to Cant reproduce
The Set-Cookie header is broken when I try to logout from http://doraemon.phsaez.com.
I get:
Set-Cookie: autologin=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT_redmine_session=xxx--xxx; path=/; HttpOnly
I should get:
Set-Cookie: autologin=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _redmine_session=xxx--xxx; path=/; HttpOnly
I found a similar issue reported here: http://rubyforge.org/pipermail/mongrel-unicorn/2011-June/001001.html
It doesn't seem to be a Redmine issue but a rack/http server issue.
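The fused header described in the comment above can be detected mechanically. The Ruby check below is an added example, not code from Redmine or from anyone in this thread; the function names `fused_cookie_problems` and `audit_set_cookie` and the sample values are constructed for illustration.

```ruby
# Added example: flag Set-Cookie values where a second cookie has been fused
# onto the first, as in the logout response quoted in this issue.

# Attribute names a Set-Cookie value may legitimately carry (lowercase).
COOKIE_ATTRIBUTES = %w[expires max-age domain path secure httponly samesite].freeze

# Returns a list of problems found in ONE Set-Cookie header value.
def fused_cookie_problems(value)
  problems = []
  seen = []
  attributes = value.split(';').map(&:strip)
  attributes.shift # drop the cookie's own name=value pair
  attributes.each do |attribute|
    name, val = attribute.split('=', 2)
    key = name.to_s.downcase
    # An Expires date ends at "GMT"; anything after it is foreign text.
    if key == 'expires' && (m = val.to_s.match(/GMT(.+)\z/))
      problems << "text after expires date: #{m[1]}"
    end
    # Each attribute should appear once; a repeat suggests two cookies in one value.
    problems << "attribute repeated: #{key}" if seen.include?(key)
    # A name=value pair that is not a known attribute looks like another cookie.
    problems << "unexpected pair: #{attribute}" if val && !COOKIE_ATTRIBUTES.include?(key)
    seen << key
  end
  problems
end

# Audits every Set-Cookie value of a response. `header_values` holds one
# string per Set-Cookie header line, as received by the client.
def audit_set_cookie(header_values)
  header_values.each_with_object({}) do |value, report|
    problems = fused_cookie_problems(value)
    report[value[/\A[^=;]+/]] = problems unless problems.empty?
  end
end

# Constructed sample input modelled on the headers quoted in this issue.
BROKEN = ['autologin=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT_redmine_session=xxx--xxx; path=/; HttpOnly'].freeze
EXPECTED = ['autologin=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT',
            '_redmine_session=xxx--xxx; path=/; HttpOnly'].freeze

if __FILE__ == $PROGRAM_NAME
  puts audit_set_cookie(BROKEN).inspect
  puts audit_set_cookie(EXPECTED).inspect
end
```

A fused value matters for logout because the browser reads the whole line as a single `autologin` cookie, so the session cookie that follows is never set on its own.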
I see. I am following the thread. It seems that the newer version of Rails does not handle multiple cookies correctly.
Now that I've disabled Autologin, I still cannot log out.
Is this also the same broken cookie issue?
- Status changed from New to Resolved
Temporarily solved with a hard-coded workaround.
Could you please post the workaround?
First of all, let me say I don't know about Ruby.
What I did is move this line --> self.logged_user = nil in account_controller.rb to make sure it is called when the user logs out.
Redmine1.3.1/app/controllers/account_controller.rb (after modification)
    def logout_user
      self.logged_user = nil
      if User.current.logged?
        cookies.delete :autologin
        Token.delete_all(["user_id = ? AND action = ?", User.current.id, 'autologin'])
      end
    end
Please look into this file, I guess it relates to the login/logout behavior.
- Status changed from Resolved to Closed