Signed Session Not Working With pac4j /logout #1737
Description
There seems to be a bug with the signed sessionStore. I am not sure if this is enough information, but I will try my best to explain. When using pac4j module to login using the FormClient, session works fine, I can get back to where I was logged in without the need to re-log in, even on server restarts. However, when I manually log out, or clear the cookies, for some reason when initiating the log in again just doesn't work as expected. It does try to log in, but does not return the page requested, unless you manually go to /logout again and then re-log in.
I am using this session store:
setSessionStore(SessionStore.signed((sessionStore), new Cookie("Test").setMaxAge(Duration.ofDays(7))));
Without the session it works fine, you can log out and log back in.
Something to note here is if you just try to log out and log in without closing the tab, or going to another page it works. As soon as there is navigation to another page, or a close and re-opening of the tab, the login does not return the requested page, in stead just logs in and goes back (refreshes) to the login page. A manual visit to /logout is the only solution to fix the problem, otherwise it won't log in.
It also appears that this issue persists when visiting a protected url after logout. For example the url /test is protected and you must be logged in to view. So if you /logout and go to home /, then try to go to /test, it redirects to login which is fine, but when you try to log in, it won't work unless you manually /logout again.
Let me know if this makes sense.