Problem/Motivation

After logging in with the "Remember Me" option, the user stays logged in even after logging out.

Tested on Drupal 10.0.9

Steps to reproduce

1. Log in with the Remember Me option checked.
2. Visit logout.
3. Try to revisit pages that are accessible only to logged-in users.
4. The user can still get there.

Comments

Austin986 created an issue.

auseidon986

Issue summary: View changes

auseidon986

Title: Can not login » Can not logout

chandreshgiri gauswami

Assigned: Unassigned » chandreshgiri gauswami

I will work on it.

  • gapple committed 8ea85610 on 2.x
    Issue #3370398: Fix new session initialized when trying to logout
    
gapple

Title: Can not logout » Cannot logout
Assigned: chandreshgiri gauswami » Unassigned
Issue tags: -logout

Thanks for opening the issue

Since the 2.x branch changed to using the authentication flow to check for a persistent login cookie only when needed, TokenHandler will only have its $token property set on a user's first unauthenticated request (instead of every request, but not revalidating the token, like in 1.x). When clearSessionToken() is called on logout, it still assumed that the token property was already set from the request cookie, so it skipped invalidating the token and the user was immediately re-initialized with a new session.

The TokenHandler should now properly load the token if not done so already, in order to properly invalidate it when logging out.
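
The failure described in the comment above, as an added example that is not the module's own code: a simplified PHP model in which the handler only learns the token during the authentication flow, with the logout path shown before and after the fix. TokenStore, TokenHandlerModel, the PL cookie name and the $loadOnLogout switch are assumptions made for illustration; only $token and clearSessionToken() are names taken from the thread.

```php
<?php
// Simplified model of the logout bug; NOT the persistent_login module's code.
// TokenStore, TokenHandlerModel and the 'PL' cookie name are hypothetical.

final class TokenStore {
  private array $valid = [];
  public function issue(int $uid): string {
    $t = bin2hex(random_bytes(16));
    $this->valid[$t] = $uid;
    return $t;
  }
  public function lookup(string $t): ?int { return $this->valid[$t] ?? null; }
  public function invalidate(string $t): void { unset($this->valid[$t]); }
}

final class TokenHandlerModel {
  private ?string $token = null;
  public function __construct(private TokenStore $store, private bool $loadOnLogout) {}

  // Authentication flow: only runs when the request has no authenticated session.
  public function authenticate(array $cookies): ?int {
    $this->token = $cookies['PL'] ?? null;
    return $this->token === null ? null : $this->store->lookup($this->token);
  }

  // Logout. With $loadOnLogout false, the handler trusts $this->token as-is
  // (pre-fix). With it true, the token is loaded from the cookie first (fixed).
  public function clearSessionToken(array $cookies): void {
    if ($this->token === null && $this->loadOnLogout) {
      $this->token = $cookies['PL'] ?? null;
    }
    if ($this->token !== null) {
      $this->store->invalidate($this->token);
      $this->token = null;
    }
  }
}

// Constructed scenario: logout happens on a request where the session already
// authenticated the user, so authenticate() never ran on that handler. The
// next request carries the same cookie but no session.
function staysLoggedInAfterLogout(bool $loadOnLogout): bool {
  $store = new TokenStore();
  $cookies = ['PL' => $store->issue(42)];
  (new TokenHandlerModel($store, $loadOnLogout))->clearSessionToken($cookies);
  return (new TokenHandlerModel($store, $loadOnLogout))->authenticate($cookies) !== null;
}

var_dump(staysLoggedInAfterLogout(false)); // pre-fix logout path
var_dump(staysLoggedInAfterLogout(true));  // logout path after the fix
```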

gapple

Status: Active » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.