Sometimes, user is unable to log out

VERIFIED FIXED in 5.12.3

Status

addons.mozilla.org Graveyard
Public Pages
VERIFIED FIXED
7 years ago
2 years ago

People

(Reporter: krupa, Unassigned)

Tracking

Details

(Whiteboard: [z])

(Reporter)

Description

7 years ago
Firefox 4.0b7 and 3.6.12

STR:
1. Log in to preview
2. Log out

observed behavior:
User is still logged-in and cannot log out even after multiple attempts

reproducible: sometimes

extra brownie points for fixing this, because it is driving me nuts.

screencast: http://screencast.com/t/3B8dQIKq

headers:
https://addons.allizom.org/users/logout?to=/en-US/firefox/

GET /users/logout?to=/en-US/firefox/ HTTP/1.1
Host: addons.allizom.org
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12)
Gecko/20101026 Firefox/3.6.12
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en,kn;q=0.7,en-us;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://addons.allizom.org/en-US/firefox/
Cookie: csrftoken=25671f410e34f4f2aeabb0f30989bd76; amo_home_promo_seen=5;
AMOappName=firefox; sessionid=2964fd8dad65cd055d35176543987b49

HTTP/1.1 302 Found
Server: Apache
X-Backend-Server: pm-app-amo24
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,
private
Content-Type: text/html; charset=UTF-8
Date: Fri, 12 Nov 2010 19:33:51 GMT
Location:
https://addons.allizom.org/en-US/users/logout?to=%2Fen-US%2Ffirefox%2F
Keep-Alive: timeout=5, max=1000
X-AMO-ServedBy: pm-app-amo24.mozilla.org
Pragma: no-cache
Via: Moz-Cache-pm-zlb-amo01
Connection: Keep-Alive
X-Powered-By: PHP/5.2.9
X-Cache-Info: not cacheable; response specified "Cache-Control: no-store"
Content-Length: 0
This is hitting /logout in PHP so the django sessionid cookie sticks around, but AMOv3 is cleared.

It seems like we should be serving /logout from zamboni since we have code to clear the AMOv3 cookie after clearing sessionid.  This will leave the remora session in the db but we have gc for that already.

> extra brownie points for fixing this, because it is driving me nuts.

If you hit /z/logout this should work better.
Assignee: jbalogh → nobody
Target Milestone: 5.12.3 → 5.12.4
I thought we kept login/logout on remora for a reason.  If zamboni has "remove amov3" code though, we could do that.  Otherwise telling remora to delete "sessionid" would be easy too.
Target Milestone: 5.12.4 → 5.12.7
It looks like we already have remora deleting the django cookie.

        // delete the django cookie
        setcookie("sessionid", "", time()-3600, "/");

I bet this is busted because of the new SESSION_COOKIE_DOMAIN, and if that's true we need to fix it before the next release.
Target Milestone: 5.12.7 → 5.12.3
Hmm, that would be a good call and an easy fix.  Krupa, can you show us all your *allizom.org cookies?  If jeff is right, you probably have two named sessionid with slightly different domains
Duplicate of this bug: 612216
I delete both cookies in r77551.  Perhaps this is fixed?
I never saw the problem, but this clears out r and z sessions for me.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
(Reporter)

Comment 8

7 years ago
Clouserw,

Sorry I didn't see your request, as I wasn't paying much attention to my bugmail over the weekend.

Also this is fixed. thanks.
Status: RESOLVED → VERIFIED
(Assignee)

Updated

2 years ago
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.