Problem with logging out #19

Closed
SEJeff opened this issue Aug 26, 2019 · 2 comments

@SEJeff

commented Aug 26, 2019

I took a quick stab at implementing a "logout" handler to this app, as the "Try it again?" link not actually being a logout but just a redirect to / with the session still valid irked me. This is the patch I did:

$ git diff
diff --git a/server/server.go b/server/server.go
index 826a73b..7a2afc0 100644
--- a/server/server.go
+++ b/server/server.go
@@ -93,6 +93,7 @@ func (ws *Server) registerRoutes() {

        // Authenticated handlers for viewing credentials after logging in
        router.HandleFunc("/dashboard", ws.LoginRequired(ws.Index))
+       router.HandleFunc("/logout", ws.LoginRequired(ws.Logout))

        // Static file serving
        router.PathPrefix("/").Handler(http.FileServer(http.Dir("./static/")))
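Review bot: The new `/logout` route in registerRoutes is registered without a method restriction, so any GET request to that path, including one followed from a link on another site, runs the handler. Logout changes session state and should only answer POST; if `router` is a gorilla/mux router, as the `PathPrefix` call suggests, append `.Methods("POST")` to the `router.HandleFunc("/logout", ...)` line and have the page submit a form instead of following a link.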
diff --git a/server/user.go b/server/user.go
index d4dfa97..f468df1 100644
--- a/server/user.go
+++ b/server/user.go
@@ -55,3 +55,14 @@ func (ws *Server) UserExists(w http.ResponseWriter, r *http.Request) {
        }
        jsonResponse(w, existsResponse{Exists: true}, http.StatusOK)
 }
+
+// Logout logs out the current logged in user and redirects them to
+// the homepage
+func (ws *Server) Logout(w http.ResponseWriter, r *http.Request) {
+       log.Infof("Logging out")
+       // Calling store.MaxAge(-1) will expire *all* sessions for all
+       // users and this only expires the existing session
+       //      https://godoc.org/github.com/gorilla/sessions#CookieStore.MaxAge
+       ws.store.Options.MaxAge = -1
+       http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
+}
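Review bot: `ws.store.Options.MaxAge = -1` in Logout writes to the Options of the store shared by the whole server, not to the session of the request being handled, and the handler neither saves a session nor sets a cookie on `w` before `http.Redirect`, so the caller's browser keeps its existing cookie while the store-wide default changes for sessions written afterwards. The comment above the assignment describes the opposite behaviour and should be corrected with the code. Fetch this request's session from the store, set MaxAge on that session's own options, and save it to the response before redirecting. As a smaller point, `log.Infof("Logging out")` passes no format arguments and does not record which user is logging out.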

I logged in with user a@a in a Chrome window and then b@b in an incognito window. I logged out of user a@a and this worked, but when attempting to re-login with a@a I'm only getting HTTP 400 from /assertion with "error unmarshaling data". What super obvious thing am I missing?

@SEJeff

commented Aug 27, 2019

The log also mentions an invalid time stamp on the securecookie

@SEJeff SEJeff changed the title from "Problem with" to "Problem with logging out" Aug 27, 2019

@SEJeff

commented Sep 17, 2019

"fixed" by just setting the cookie Expires to time.Unix(0, 0) instead of fooling with the maxage bits.

@SEJeff SEJeff closed this Sep 17, 2019
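
The difference between changing shared cookie defaults and expiring one caller's cookie, as an added example that is not code from this repository or from gorilla/sessions. It uses only the Go standard library; `sharedDefaults`, `login`, `logoutShared`, `logoutScoped`, `setCookieAfter` and the cookie name `session` are hypothetical stand-ins.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// Constructed stand-in for a session store's shared cookie defaults.
// Hypothetical names; this is not the gorilla/sessions API.
var sharedDefaults = &http.Cookie{Name: "session", Path: "/", MaxAge: 3600, HttpOnly: true}

// login issues a session cookie built from a copy of the shared defaults.
func login(w http.ResponseWriter, r *http.Request) {
	c := *sharedDefaults
	c.Value = "token-for-" + r.URL.Query().Get("user")
	http.SetCookie(w, &c)
}

// logoutShared changes the shared defaults and writes no cookie to this
// response, so the caller's cookie survives and later logins are affected.
func logoutShared(w http.ResponseWriter, r *http.Request) {
	sharedDefaults.MaxAge = -1
	http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
}

// logoutScoped expires only the caller's cookie and leaves defaults alone.
func logoutScoped(w http.ResponseWriter, r *http.Request) {
	http.SetCookie(w, &http.Cookie{Name: "session", Path: "/",
		Expires: time.Unix(0, 0), MaxAge: -1, HttpOnly: true})
	http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
}

// setCookieAfter runs a logout handler, then a fresh login for user b,
// and returns the Set-Cookie header of each response.
func setCookieAfter(logout http.HandlerFunc) (logoutHdr, loginHdr string) {
	sharedDefaults.MaxAge = 3600 // reset the constructed state between runs
	lw := httptest.NewRecorder()
	logout(lw, httptest.NewRequest("GET", "/logout", nil))
	nw := httptest.NewRecorder()
	login(nw, httptest.NewRequest("GET", "/login?user=b", nil))
	return lw.Header().Get("Set-Cookie"), nw.Header().Get("Set-Cookie")
}

func main() {
	fmt.Println(setCookieAfter(logoutShared))
	fmt.Println(setCookieAfter(logoutScoped))
}
```

With `logoutShared` the logout response carries no `Set-Cookie` at all and the next user's login cookie is issued with `Max-Age=0`; with `logoutScoped` only the caller's cookie is expired and the next login keeps `Max-Age=3600`.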
