search

dotnet / blazor-samples

Creative Commons Attribution 4.0 International
733 stars 626 forks source link

Signout remains signed in with multiple browser tabs (2nd browser tab remains signed in) #297

Closed jsmarsch closed 2 months ago

jsmarsch commented 5 months ago

Describe the issue

If you open 2 tabs, and sign out in 1 tab, the other tab remains signed in until you refresh the browser.

To Reproduce

Steps to reproduce the behavior:

  1. Disable WASM (in my case, I'm only supporting Server-Side Interactive)
  2. Configure this template to use an available OIDC provider (I'm using Keycloak)
  3. Start a debugging session and use the login feature
  4. Open a second browser tab
  5. Note that both browser tabs are logged in (expected, b/c shared cookie)
  6. Logout in 1 of the browser tabs
  7. Navigate around in the other browser tab without causing a postback

Expected behavior

  1. You should be logged out in both tabs

Additional context

I have read about the conundrum here, where the signalr websocket connection doesn't cause a postback, so there is never postback, and therefore no reason to re-validate the cookie. So, I kind of get the problem. Problem is, I'm not sure what to do about it. The user expectation is that when they click sign-out, their session is safely closed.j

I have seen examples on the web that maintain an in-memory, singleton collection that can be used to track active sessions, but that only works if you are only running one instance of your web app -- if you are scaling horizontally, either manually or in a k8t's cluster, you'll have multiple copies of the singleton -- one per process. Any wisdom on how to handle the sign out problem?

Issue Details

Do not edit this section. It is required for issue processing.

guardrex commented 5 months ago

Hello again, @jsmarsch ... This ❓ would need to go to the product unit. If you can't find an existing (open or closed) issue addressing this, open a new issue for them at ...

https://github.com/dotnet/aspnetcore/issues

Please add ...

cc: @guardrex https://github.com/dotnet/blazor-samples/issues/297

... to the bottom of your opening comment so that I can follow along. I might open a new docs repo issue (from the article) if they provide guidance that I can publish on this.

jsmarsch commented 5 months ago

Thank you. I spent some time searching the issues in the aspnetcore github repo, and did not find anything that seemed to speak to my issue, so I opened issue #55925 I cc'd you as requested. Also, here's a link: https://github.com/dotnet/aspnetcore/issues/55925

guardrex commented 5 months ago

Re-opening for tracking purposes. I think the article can address it per Javier's remarks. I'll end up moving this to a new issue on the docs repo tho. I only use this repo's issues to track sample updates. Article updates are managed by the docs repo. I'll take care of opening that issue shortly. This issue I'll re-open as a reminder to myself so that I don't lose track of this.

guardrex commented 2 months ago

Moved to https://github.com/dotnet/AspNetCore.Docs/issues/33418 for work in the main doc set.