Describe the bug
It appears like header-based login might break after clicking the logout button. I will admit, I'm doing something a little different than what is designed, as is described here:
Given that though, I'm seeing some very odd behavior as described below. It doesn't seem like it should matter that I'm using something from the referrer header vs some other header.
To Reproduce
Steps to reproduce the behavior:
The logs show the following...
User authenticates using the header method I use, linked above
User clicks on logout button
User tries to log in again by being directed to /login?token=...
User is redirected to /auth/header and header_auth_callback succeeds (returns valid User)
User is redirected to chat
User is immediately redirected back to /login and then back to /auth/header
header_auth_callback fails (returns None because there is no token query param)
User is redirected back to /auth/header a second time
header_auth_callback fails (returns None because)
Expected behavior
I would expect that the user is successfully logged in on the first redirect to /auth/header but it seems like after the user manually logs out, it somehow makes it so that the header login flow is failing to set the User for the session.
I'm certainly willing to accept that what I'm doing isn't supported, however, this behavior is not something I've run into and only seems to happen after the user manually logs out. It's almost like a cookie or session storage item is no longer able to be set by the header login flow.
I have tried clearing browser cookies and data and all of that, it doesn't seem to help once the user clicks that button. Very mysterious.
Describe the bug It appears like header-based login might break after clicking the logout button. I will admit, I'm doing something a little different than what is designed, as is described here:
https://github.com/Chainlit/chainlit/issues/144#issuecomment-2227005294
Given that though, I'm seeing some very odd behavior as described below. It doesn't seem like it should matter that I'm using something from the referrer header vs some other header.
To Reproduce Steps to reproduce the behavior:
The logs show the following...
/login?token=...
/auth/header
andheader_auth_callback
succeeds (returns validUser
)/login
and then back to/auth/header
header_auth_callback
fails (returnsNone
because there is no token query param)/auth/header
a second timeheader_auth_callback
fails (returnsNone
because)Expected behavior I would expect that the user is successfully logged in on the first redirect to
/auth/header
but it seems like after the user manually logs out, it somehow makes it so that the header login flow is failing to set the User for the session.I'm certainly willing to accept that what I'm doing isn't supported, however, this behavior is not something I've run into and only seems to happen after the user manually logs out. It's almost like a cookie or session storage item is no longer able to be set by the header login flow.
I have tried clearing browser cookies and data and all of that, it doesn't seem to help once the user clicks that button. Very mysterious.