search

arsturges / RVB

A DOE tool to map appliance efficiency legislation to CO2 reductions.
ead5.lbl.gov
1 stars 0 forks source link

IE doesn't log users out when they click "Log out" #38

Closed arsturges closed 6 years ago

arsturges commented 14 years ago

Thank you browser testing. IE also doesn't show the login screen; it hijacks it and shows it own login prompt.

arsturges commented 14 years ago

Furthermore, the IE dialogue says:

"The server ead5.lbl.gov at Web Password requires a username and password.

Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection)."

arsturges commented 14 years ago

IE logout from production log: Processing SessionsController#destroy (for 128.3.23.51 at 2010-07-15 17:13:52) [GET] Parameters: {"action"=>"destroy", "controller"=>"sessions"} Redirected to http://ead5.lbl.gov/ Completed in 8ms (DB: 2) | 302 Found [http://ead5.lbl.gov/logout]

Processing HomeController#index (for 128.3.23.51 at 2010-07-15 17:13:52) [GET] Parameters: {"action"=>"index", "controller"=>"home"}

Rendering template within layouts/application Rendering home/index Completed in 7766ms (View: 1281, DB: 471) | 200 OK [http://ead5.lbl.gov/]

Firefox user clicks log out:

Processing SessionsController#destroy (for 128.3.23.51 at 2010-07-15 17:16:23) [GET] Parameters: {"action"=>"destroy", "controller"=>"sessions"} Redirected to http://ead5.lbl.gov/ Completed in 7ms (DB: 2) | 302 Found [http://ead5.lbl.gov/logout]

Processing HomeController#index (for 128.3.23.51 at 2010-07-15 17:16:23) [GET] Parameters: {"action"=>"index", "controller"=>"home"}

Redirected to http://ead5.lbl.gov/session/new Filter chain halted as [:login_required] rendered_or_redirected. Completed in 2ms (DB: 0) | 302 Found [http://ead5.lbl.gov/]

Processing SessionsController#new (for 128.3.23.51 at 2010-07-15 17:16:23) [GET] Parameters: {"action"=>"new", "controller"=>"sessions"} Rendering sessions/new Completed in 4ms (View: 3, DB: 0) | 200 OK [http://ead5.lbl.gov/session/new]

arsturges commented 14 years ago

The Firefox user's session is destroyed, and he is redirected to /home/index, which is halted by the filter chain as no password is supplied. The IE user's session is destroyed (I think), and he is redirected to /home/index, which loads normally, without being halted by the filter chain.

Firefox user: Processing HomeController#index (for 127.0.0.1 at 2010-07-27 14:25:18) [GET] Parameters: {"action"=>"index", "controller"=>"home"}

Redirected to http://localhost:3000/session/new Filter chain halted as [:login_required] rendered_or_redirected.

arsturges commented 14 years ago

sessions_controller.rb:

Deleted the line: redirect_back_or_default('/')

replaced it with: redirect_to :action => "new", :controller => "sessions"

This fixes the issue for now, but seems like a hack.