Open mihow opened 3 months ago
@annavik I was able to recreate the issue! It seems like the "sessionid" cookie does not get cleared when a user is detected as being logged out. Here is a screencast of it happening: Screencast from 07-08-2024 02:48:53 PM.webm
You can't see my mouse here, but I delete the "sessionid" cookie and then am able to log in.
Hmm, this is very strange! I still have some problems reproducing this. The cookies you have are not present for me to begin with. I wonder if this could be related to admin login messing things up? I mean being logged in on https://api.beluga.insectai.org/admin/? Have you been logged in on this service on localhost?
Here is a short summary of the current FE logic for auth:
- `auth/token/login`. We get a long-lived token in response, which we will keep in local storage.
- `auth/token/logout`. Then we clear the auth token from local storage, nothing more. FE is not forcing any cookies to be cleared.
- `/me` ends up with a 403 response. We call this endpoint every 10 seconds when the app is active.

Happy to tweak this logic if needed, just want to understand what is going on first :)
There seems to be an auth issue for the endpoint: `Forbidden: /api/v2/jobs/[ID]/run/`
Clicking the Start button shows the ... status dots for one second, then does nothing. No error is displayed.
I think there is a general issue with the CSRF token or the session cookie.