[MP4] [ISSUE] Logout not working correctly when using oAuth (security thingy)

Posted: 12 Aug 2017, 14:05
by toffe
Hey :),

When you use oAuth2 and redirect to the authorize route, it will pass and redirect, even when the user has logged out on the site.
Using the prefixed URL for the oAuth requests (maybe this is the thing? But it is stated in the docs). It seems the session never gets fully killed or invalidated correctly, or the two are separate sessions, which is maybe a problem when you think you are fully logged out, but you aren't really all the way.

You can reproduce with the following steps:
1. Create oAuth2 app and hit Login button.
2. It will redirect to the oAuth2 route of the API/WS.
3. Login with your credentials.
4. Accept the App and get redirected back to the app.
5. Head towards and login if not yet done.
6. Logout on
7. Kill session of app and hit the logon button again.

EDIT: It also seems weird that you want to have the chat activated when you log in via the oAuth screen btw, maybe remove it if it's an oAuth request?

Re: [MP4] [ISSUE] Logout not working correctly when using oAuth (security thingy)

Posted: 21 Aug 2017, 10:33
by magnetik
The session was indeed not shared between the two domains. This is now fixed :thumbsup:
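
The behaviour reported in this thread can be modelled as a regression check. The sketch below is an added example, not code from the thread or from the project: it replays steps 3 to 7 of the report against two hosts, first with separate session stores and then with one shared store. The class and function names, the user `alice`, the app id `demo-app`, and the use of a shared store as the remedy are all assumptions; the thread does not say how the fix was implemented.

```python
import secrets

class SessionStore:
    """Server-side session table: session id -> user (hypothetical model)."""
    def __init__(self):
        self._by_sid = {}

    def create(self, user):
        sid = secrets.token_hex(16)
        self._by_sid[sid] = user
        return sid

    def user_for(self, sid):
        return self._by_sid.get(sid)

    def revoke_user(self, user):
        # Drop every session this user holds in this store.
        self._by_sid = {s: u for s, u in self._by_sid.items() if u != user}

class Host:
    """One domain; `store` decides whether its sessions are private or shared."""
    def __init__(self, store):
        self.store = store

    def login(self, user):
        return self.store.create(user)

    def logout(self, sid):
        user = self.store.user_for(sid)
        if user is not None:
            self.store.revoke_user(user)

def authorize(api, sid, approved, app_id):
    """Authorize endpoint: redirect only for a live session and a consented app."""
    user = api.store.user_for(sid)
    if user is None:
        return "login_required"
    if (user, app_id) not in approved:
        return "consent_required"
    return "redirect_with_code"

def replay_report(site, api, user="alice", app_id="demo-app"):
    """Steps 3-7 of the report; returns what the second authorize request gets."""
    api_sid = api.login(user)        # step 3: log in on the OAuth route
    approved = {(user, app_id)}      # step 4: accept the app
    site_sid = site.login(user)      # step 5: log in on the site
    site.logout(site_sid)            # step 6: log out on the site
    return authorize(api, api_sid, approved, app_id)  # step 7: hit login again
```

With separate stores the second authorize request still succeeds after the site logout; with a shared store it is sent back to the login screen, which is the result a logout test for this flow should assert.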