-
Notifications
You must be signed in to change notification settings - Fork 927
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Logout does not clear the tokens #210
Comments
Do you have /api/logout implemented?
|
Yes, api/logout is implemented. After logout refreshing the page seems to be resolving the issue. So for now i am doing a page refresh after a logout. So it works okay for now. |
I'm having a problem where if I call Even opening other browsers (IE, Firefox, Chrome) that I had never opened before, and after ensuring I've cleared my localStorage, cookies, if I open Is there something happening on the server-side that's creating a cookie or localStorage that I can't see from the client-side (browser)? |
@nathanchase exact issue here :( state has user response. i can't see even any network request in devtools |
@nathanchase can u show me some code example? |
@pi0 can u look into this issue? i am waiting to launch my app |
@Chathula The problem code is outlined in this related issue: #213 Essentially, if a user object is empty (i.e., in nuxt.config.js auth config, See this line: https://github.com/nuxt-community/auth-module/blob/dev/lib/core/auth.js#L233 |
The scenario I'm facing could be related: Steps:
All I can think is that, although Vuex looks cleared, there is a token stored somewhere that is persisting after clicking log out. Does anyone think this could be part of the same issue? |
It seems that using store.state.auth.loggedIn instead of auth.loggedIn is a working workaround |
@nathanchase +1 here. After logged out, the token has been cleared but the "ctx" still has the old "user" and "loggedIn" state. https://github.com/nuxt-community/auth-module/blob/dev/lib/core/storage.js#L91 |
The token persists in this.$auth.strategies.local.options.endpoints.user.headers['Authorization'] = null |
@mkstix6 did you manage to find a solution to this? i am having the same issue but only seems to be with ie |
@craigPeckett and @ankitarora05, our code still includes @olibia 's suggestion above. Thank you @olibia . Just wanted to note that some of our package versions are a little old now: |
How can we manually clear the tokens until this is fixed? I'm using auth0 |
Hi @codeofsumit! What version of auth module are you using? |
@JoaoPedroAS51 |
@codeofsumit Thanks. I will make some tests and see if I can find the issue :) You can clear the tokens using |
Thanks @JoaoPedroAS51 - this is my logout action now: async logout({ state, commit }) {
this.$auth.setToken(false)
this.$auth.setRefreshToken(false)
this.$axios.setHeader('Authorization', false)
window.location = `https://${process.env.VUE_APP_AUTHDOMAIN}/v2/logout?returnTo=${window.location.origin}/logout`
}, However, after returning from auth0's logout endpoint, the token is still set in axios. |
@codeofsumit Can you try |
@codeofsumit Oh sorry I forgot to mention that |
@codeofsumit I'm testing here and seems to be working. I think an easier solution is to use async logout({ state, commit }) {
await this.$auth.logout()
window.location = `https://${process.env.VUE_APP_AUTHDOMAIN}/v2/logout?returnTo=${window.location.origin}/logout`
}, |
Hi @mkstix6! What scheme are you using? |
@JoaoPedroAS51 thanks for reminding me. I tried this in the past but somehow it wasn't working as expected so I removed it. It's working fine now and is the best solution of course ❤️ Looking forward to the next version where tokens are refreshed 🎉 |
Hey, ours is configured like so (perhaps there's something weird in there):
|
@mkstix6 Your config looks good to me. But I think What version are you using now? Did you say that using this solves your problem, right? this.$auth.strategies.local.options.endpoints.user.headers['Authorization'] = null |
|
I faced a similar issue when using GitHub's Oauth2 authentication.
The symptom above may be caused by a cookie from It would be appreciated if you could modify, or add some options. |
Hey All. |
I think this is fixed in v5, but not in v4: |
I have problem, the api/aut/logout request was pending forever and not log out with redirect because of the, I think: But other api call work well?! |
if u are using nuxt auth u can try
|
the solution is to delete the token in the backend on logout operation. Thus the upcoming requests (from previously opened tabs) with an old tokens will be blocked. class api_logout(APIView): |
Here is our logout function:
That wipes the token out and reloads the current page which triggers the auth middleware which redirects the user to the login page using the Nuxt Auth middleware. https://auth.nuxtjs.org/guide/middleware/ You can |
I have same issue while log in the second time and duplicate tab which have old account in first log in |
Version
v4.5.1
Reproduction link
https://jsfiddle.net/
Steps to reproduce
logout then login
What is expected ?
Logout should clear the old access tokens. As per this issue ( #57 ) here, its fixed in version 4.0 .
What is actually happening?
Hello, I am facing this issue while trying to log in after a logout. After login api is called and the access token it is set in both localstorage and cookie. But the
fetchUser()
method is using the previous access token. I am using version 4.5.1. I even manually set the axios headers to null.Request response flow:
Login
Request:
Response
Logout
Request
Now when I login again, the access token is changed.
Login 2
Response
And this token is set both on cookie and localstorage. But the
$auth.fetchUser()
api uses the old access token so login is not being completed. Refreshing the page fixes this as the access token stored in the cookie is a valid one.Fetch User
Request
The text was updated successfully, but these errors were encountered: