AxonIQ / axon-server-se

Axon Server - Standard Edition

Cannot switch to different user in Axon Server UI #699

Closed ViliusS closed 2 months ago

ViliusS commented 2 months ago

After upgrading to Axon Server 2024.1.0 we can no longer switch to a different user in the Axon Server UI. If we click the Logout button and then try to log in with a new user, it still gets logged in as the old user.

I guess there is something wrong with the auth cookies, because if I open an InPrivate browser window or clear all cookies it starts to work again. Though, after a successful login with another user, we are still stuck with it the same way as before.

schananas commented 2 months ago

Did this occur after upgrading to 2024.1? Was this bug in the previous version?

ViliusS commented 2 months ago

I didn't test with 2023.x, but 4.6.11 was working fine.

schananas commented 2 months ago

Hi, I was not able to reproduce the issue. Do you have a specific configuration that you have set? What's the URL to access the dashboard? Do you see the logout button?

ViliusS commented 2 months ago

Yes, I can see the logout button. I cannot share the URL because it is not public, but could it be something with caching headers? I'm running the Axon Server UI behind a GKE load balancer. These are the steps I took to verify:

  1. Login with userA.
  2. Logout.
  3. Specify wrong password for userB. UI correctly said that password is wrong.
  4. Login with correct password of userB.
  5. Axon Server UI shows userA logged in.

And this is what I saw in the logs:

2024-07-29 21:37:18.926 EEST Login with username "userA".
2024-07-29 21:37:18.927 EEST [userA] Subscribed to context updates.
2024-07-29 21:37:19.467 EEST [userA] Request to list contexts.
2024-07-29 21:38:39.382 EEST Login with username "userB" FAILED: Bad credentials
2024-07-29 21:38:49.509 EEST Login with username "userB".
2024-07-29 21:38:50.975 EEST Login with username "userA".
2024-07-29 21:38:51.018 EEST Login with username "userA".
2024-07-29 21:38:51.019 EEST [userA] Subscribed to context updates.
2024-07-29 21:38:51.519 EEST [userA] Request to list contexts.

From the logs it looks like the server logs in with the correct userB at first, but then the old session is initiated and the UI is redirected to userA instead?

UPDATE: Found it. This was indeed a caching issue and is related to this issue. What I was seeing in the HTTP logs is (as per the other issue):

  1. POST request to https://myurl/login
  2. GET to http://myurl/ for some reason
  3. Then again GET to https://myurl/
  4. Then a lot of CSS/JS loading.
  5. And then when it calls https://myurl/v2/overviews or https://myurl/v2/health I saw that the Authorization: Basic base64xxxxx header is always the same. I decoded the base64 value and it always gives me the username/password of the last successfully logged-in user.

I had to clear the browser cache completely, because clearing via Dev Tools just clears the cache on https://myurl but not on http://myurl. The old http:// link probably contained an older version of the cache or cookies.
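An added detection example, not code from the Axon Server project or from anyone in this thread: a small Python check over the kind of server log lines quoted above that flags a successful login for one user followed within seconds by a successful login for a different user, which is the symptom ViliusS describes when a stale cached Authorization header re-authenticates the previous user. The sample log lines are constructed from the excerpt above; the 5-second window is an assumed threshold.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the log excerpt in this thread (not real data).
SAMPLE_LOG = """\
2024-07-29 21:37:18.926 EEST Login with username "userA".
2024-07-29 21:38:39.382 EEST Login with username "userB" FAILED: Bad credentials
2024-07-29 21:38:49.509 EEST Login with username "userB".
2024-07-29 21:38:50.975 EEST Login with username "userA".
2024-07-29 21:38:51.018 EEST Login with username "userA".
"""

# Matches the "Login with username ..." lines; the optional FAILED suffix
# distinguishes rejected attempts from successful logins.
LOGIN_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) \S+ '
    r'Login with username "(?P<user>[^"]+)"(?P<failed> FAILED)?'
)


def parse_logins(text):
    """Return (timestamp, user, succeeded) for every login line in the log."""
    events = []
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f")
        events.append((ts, m.group("user"), m.group("failed") is None))
    return events


def find_session_flips(text, window=timedelta(seconds=5)):
    """Flag a successful login for one user that is followed, within `window`
    (assumed threshold), by a successful login for a different user. Returns
    (previous_user, new_user, seconds_between) tuples."""
    logins = [e for e in parse_logins(text) if e[2]]
    flips = []
    for (t1, u1, _), (t2, u2, _) in zip(logins, logins[1:]):
        if u1 != u2 and t2 - t1 <= window:
            flips.append((u1, u2, round((t2 - t1).total_seconds(), 3)))
    return flips


if __name__ == "__main__":
    for prev_user, new_user, secs in find_session_flips(SAMPLE_LOG):
        print(f"session flip: {prev_user} -> {new_user} after {secs}s")
```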