inveniosoftware / invenio-oauthclient

Invenio module that provides OAuth web authorization support.
https://invenio-oauthclient.readthedocs.io
MIT License

Logout from CERN when using OpenID contrib #223

Closed ntarocco closed 3 years ago

ntarocco commented 3 years ago

Describe the bug

When the user logs out, the Invenio session is cleared, but the CERN session is still valid. On the next login, the user/psw of the user is not prompted because the user still has a valid CERN cookie.

Solution

On logout, the app should redirect to the CERN logout endpoint so that not only the Invenio session is cleared, but also the CERN cookie.

As in CERN contrib, create a new blueprint route /cern_<>/logout and then in the Invenio app set the config: SECURITY_POST_LOGOUT_VIEW = "/cern_<>/logout"

After a logout, it should redirect.
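An added example, not part of the issue or of invenio-oauthclient's code: a sketch of what the view behind `SECURITY_POST_LOGOUT_VIEW` could do once the local session is cleared, namely answer with a redirect to the provider's logout endpoint. The endpoint URL, host names and the `next` query parameter are placeholders, the `post_logout_redirect_uri` and `id_token_hint` parameters come from OpenID Connect RP-Initiated Logout and are assumed to be accepted by the provider, and a plain WSGI callable stands in for the Flask blueprint route so the block runs with the standard library only.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder values (assumptions, not taken from the issue or the project).
IDP_LOGOUT_ENDPOINT = "https://idp.example.org/logout"
ALLOWED_RETURN_HOSTS = {"repo.example.org"}
DEFAULT_RETURN_URL = "https://repo.example.org/"


def safe_return_url(candidate):
    """Accept a post-logout return URL only if it is https on an allowed host.

    Anything else falls back to the default, so the logout route cannot be
    used as an open redirect through the identity provider.
    """
    if not candidate:
        return DEFAULT_RETURN_URL
    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. malformed IPv6 literal
        return DEFAULT_RETURN_URL
    if parts.scheme != "https" or parts.hostname not in ALLOWED_RETURN_HOSTS:
        return DEFAULT_RETURN_URL
    return candidate


def idp_logout_url(return_url=None, id_token_hint=None):
    """Build the redirect target that ends the provider session as well."""
    params = {"post_logout_redirect_uri": safe_return_url(return_url)}
    if id_token_hint:
        # Lets the provider identify which session to end (assumed supported).
        params["id_token_hint"] = id_token_hint
    return IDP_LOGOUT_ENDPOINT + "?" + urlencode(params)


def logout_app(environ, start_response):
    """WSGI stand-in for the logout route: reply 302 to the provider logout."""
    query = parse_qs(environ.get("QUERY_STRING", ""))
    target = idp_logout_url(return_url=query.get("next", [None])[0])
    start_response("302 Found", [("Location", target),
                                 ("Cache-Control", "no-store")])
    return [b""]
```

The allow-list check matters because the return URL reaches the route from the request: without it, a crafted logout link would bounce the user through the provider to an arbitrary site.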