This may be a duplicate of bug 612897. Steps to reproduce on stage and dev: 1. login with valid credentials at the bottom of the crash-stats page 2. log out 3. visit /admin Expected: - After logging out the session is destroyed and the user is asked to re-authenticate. After successfully logging in the user it taken to /admin Actual: - Directly visiting /admin results in the user logging in without being forced to re-authenticate. -The messages "Uh oh! Something wen wrong… You must be logged in to do that" and "You have successfully logged in" are displayed. - The app redirects from /admin to /products/Firefox Webconsole: - logging out [09:23:19.718] GET https://crash-stats.allizom.org/auth/logout [HTTP/1.1 302 Found 220ms] - visiting /admin [09:27:15.590] GET https://crash-stats.allizom.org/admin [HTTP/1.1 302 Found 150ms] [09:27:15.743] GET https://crash-stats.allizom.org/login [HTTP/1.1 302 Found 65ms] [09:27:15.810] GET https://crash-stats.allizom.org/ [HTTP/1.1 302 Found 86ms] [09:27:15.899] GET https://crash-stats.allizom.org/products/Firefox [HTTP/1.1 200 OK 218ms] [09:27:16.163] GET https://crash-stats.allizom.org/css/screen.css?v=1.7.6 [HTTP/1.1 304 Not Modified 9ms] [09:27:16.182] GET https://crash-stats.allizom.org/js/socorro/nav.js?v=1.7.6.js [HTTP/1.1 304 Not Modified 13ms] - screencast - http://screencast.com/t/QIcv89Rgf0SB
[:mbrandt] This is partly a dupe and we can probably mark it as such. The reason you are logged in even after log out, is because we use basic HTTP authentication and your credentials gets cached. There is a little more detail to this but, that is the basic gist of it.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 612897
QA verified duplicate of bug 612897. thx schalk
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.