"logout" generates an incorrect redirect URL when deployed behind Apache or Ngnix

[jennaj]

See discussion here: https://help.galaxyproject.org/t/apache-redirect-at-logout/2830

It seems to be at least as old as 19.05 and still present in 19.09.

Bug or a configuration problem?

[bernt-matthias]

Note: same for nginx.

In my case the the login is actually sucessful .. despite that the login page is shown. So already after the first login one can for instance click on "Analyze data" and start to work.

[jennaj]

@bernt-matthias Thanks for clarifying scope/behavior!

That a user is actually logged in but is presented with a login form seems worse. The GUI should be very clear about login status for as many use cases as possible, yes?

Hypothetical scenario: Someone tries to log in, gets that page, doesn't realize is actually logged in, walks away for whatever reason from a shared computer/workstation or desk/own computer, and then someone else could access that account. Not so great for anyone, but if that account is an admin account...

@dannon @natefoo others ... Thoughts?

[RJMW]

We are experiencing the same issue (19.09)

[cche]

I'm experiencing the same on two local galaxy instances. We have had the same behavior on versions 19.05 to 20.01.

On the first instance we login after the second try. This server is behind nginx on the same machine.

The other instance is worse in that the login screen appears recursively and we never get a successful login. If I type the /login path and put my credentials in the login screen and hit enter I have to login a second time to get the menu show the admin entry. Then I can use all menus except for 'Analyze data' which throws me out again. I get access to the histories by going to the admin -> Users and impersonate myself.
This server is behind apache on a different machine.

I have a screen recording if it can help to clarify.

An aside note, the double login started exactly after having an error message after impersonating one of my users. The same thing for the second admin of the Galaxy instance. I can not tell if it is the cause or just a symptom.
Second note, I have the impression that this appeared gradually. At first double login, then recursive login screen for me, followed some time after by the second admin of Galaxy. Now some users are suffering the same. I can not tell if the users have been active the whole time so maybe they just see it now because they did not login for some time.

Please tell me if I can do anything to help.

[bernt-matthias]

Discussion on the dev gitter channel indicates that this is solved on 20.01 - I was able to verify on dev. Anyone planning to upgrade to 19.09 in the next time?

@cche The problems on your 20.01 instance might be due to the apache config.

[mvdbeek]

Thanks @bernt-matthias @cche, sounds like it's resolved then.