Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth regression with session handling #6381

Closed
kevinansfield opened this issue Jan 25, 2016 · 1 comment · Fixed by #6382
Closed

Auth regression with session handling #6381

kevinansfield opened this issue Jan 25, 2016 · 1 comment · Fixed by #6382

Comments

@kevinansfield
Copy link
Contributor

Issue Summary

There has been a regression in session handling since the switch to the adaptive-session-store that manifests itself in not fully logging out if the session is destroyed.

Issue is definitely noticeable when modifying sessions through Web Inspector but it may also be the cause of some recent session bug reports.

Steps to Reproduce

  1. Log in to the admin area as usual
  2. In Web Inspector, find the ghost:session key and delete it
  3. Note that the key content is replaced with undefined
  4. Select one of the posts
  5. You're shown the login screen albeit with the sidebar still displayed

This is a bug because the session invalidated action should be called immediately when the session key is deleted, forcing a refresh and taking you to the login screen. Other session events may also be failing, preventing the display of the re-authenticate modal in certain circumstances.

Technical details

  • Ghost Version: 0.7.5 and master
@acburdine
Copy link
Member

This is (mainly) due to a bug in Ember-Simple-Auth that was fixed as of version 1.0.1

kevinansfield added a commit to kevinansfield/Ghost that referenced this issue Jan 25, 2016
@kevinansfield
deps: ember-simple-auth@1.0.1
7c1f26c 
closes TryGhost#6381
- fixes event forwarding in adaptive session store
@kevinansfield kevinansfield mentioned this issue Jan 25, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

deps: ember-simple-auth@1.0.1 kevinansfield/Ghost
2 participants
@kevinansfield @acburdine