julianlam / nodebb-plugin-session-sharing

Allows login sessions from your app to persist in NodeBB
MIT License

revalidate => nodebb still logged in after cookies is deleted #41

Closed thachhuynh95 closed 6 years ago

thachhuynh95 commented 6 years ago

I am using NodeBB 1.6.0. Although I set Re-validate, NodeBB is still logged in after I log out from my app and clear cookies.

julianlam commented 6 years ago

Hi there, you can do this by forcing all users to go to the login override. Simply disable user registration.

julianlam commented 6 years ago

Let me know if this doesn't work for you...

AndyHubert commented 5 years ago

I am having a similar issue with regard to admin users.

I have "Revalidate" set. With normal (non-admin) users, it works great. When I log out from the main site and the shared session cookie is deleted, the user is likewise logged out of NodeBB. However, when I do the same with an admin user, I can confirm that the shared session cookie is deleted, but the person is NOT logged out of NodeBB. The only way I have found to log out such a person is by logging in as someone else.

I am using NodeBB v1.10.2.

julianlam commented 5 years ago

Hi @AndyHubert -- this is by design, we didn't want the admin user to be logged out because occasionally they may run into situations where they accidentally change some session-sharing option, and then they get logged out and can't log back in to fix it :grimacing:

Did you need to log out admins as well?

julianlam commented 5 years ago

Bypass located here:

https://github.com/julianlam/nodebb-plugin-session-sharing/blob/ae5bd15cbe3cb5a68dce34e87a8fecd94a5c4008/library.js#L495-L498

AndyHubert commented 5 years ago

Yes I need to be able to log out admins as well.

Here is the problematic scenario:

julianlam commented 5 years ago

Makes sense. I will see about adding an option to toggle this bypass on and off via the ACP.
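To make the behaviour discussed in this thread concrete, here is an added example (not code from nodebb-plugin-session-sharing): an Express-style middleware that models the "revalidate" check, including the admin bypass and a hypothetical option to turn that bypass off. Assumptions not taken from the page: the shared cookie is named `token`, the logged-in user id lives in `req.session.uid`, admin status comes from a caller-supplied `isAdmin(uid)` function, and the option name `adminRevalidate` is invented for illustration. The `express.sid` cookie name is NodeBB's session cookie as mentioned later in the thread.

```javascript
'use strict';

// Added example, not the plugin's own code. Models the "revalidate" logic:
// if NodeBB has a session but the shared cookie from the parent app is gone,
// end the NodeBB session, except for admins while the bypass is active.
// Assumptions (not from the page): cookie name "token", uid in req.session.uid,
// isAdmin(uid) supplied by the caller, option name "adminRevalidate" is hypothetical.
function createRevalidate(opts) {
  const cookieName = opts.cookieName || 'token';          // shared cookie set by the parent app
  const adminRevalidate = Boolean(opts.adminRevalidate);  // hypothetical toggle for the admin bypass
  const isAdmin = opts.isAdmin;

  return function revalidate(req, res, next) {
    const uid = req.session && req.session.uid;
    const hasToken = Boolean(req.cookies && req.cookies[cookieName]);

    // Anonymous request, or the shared cookie is still present: nothing to do.
    // (Verifying the token's signature/expiry is a separate step, out of scope here.)
    if (!uid || hasToken) {
      return next();
    }

    // Shared cookie is gone while NodeBB still holds a session: the parent app
    // logged the user out. Admins keep their session unless adminRevalidate is on,
    // mirroring the bypass described above (so a misconfiguration can still be fixed).
    if (!adminRevalidate && isAdmin(uid)) {
      return next();
    }

    req.session.destroy(function (err) {
      if (err) return next(err);
      res.clearCookie('express.sid'); // NodeBB's own session cookie
      next();
    });
  };
}

// Harness with fake req/res objects (constructed for this example) that runs one
// request through the middleware and reports whether the NodeBB session survived.
function simulateRequest(opts, uid, cookies) {
  const mw = createRevalidate(opts);
  const session = {
    uid: uid,
    destroyed: false,
    destroy: function (cb) { this.destroyed = true; this.uid = null; cb(null); },
  };
  const res = { cleared: [], clearCookie: function (name) { this.cleared.push(name); } };
  let nextCalled = false;
  mw({ session: session, cookies: cookies }, res, function () { nextCalled = true; });
  return { loggedIn: !session.destroyed, nextCalled: nextCalled, cleared: res.cleared };
}

// Constructed sample configuration: uid 1 is an admin, uid 2 a regular user.
const admins = new Set([1]);
const opts = { cookieName: 'token', adminRevalidate: false, isAdmin: (uid) => admins.has(uid) };

console.log('regular user, token present :', simulateRequest(opts, 2, { token: 'abc' }).loggedIn); // true
console.log('regular user, token deleted :', simulateRequest(opts, 2, {}).loggedIn);               // false
console.log('admin, token deleted, bypass:', simulateRequest(opts, 1, {}).loggedIn);               // true
console.log('admin, token deleted, no bypass:',
  simulateRequest(Object.assign({}, opts, { adminRevalidate: true }), 1, {}).loggedIn);            // false
```

The third line of output is the situation reported above: with the bypass active, deleting the shared cookie ends a regular user's NodeBB session but leaves an admin logged in; flipping the hypothetical `adminRevalidate` option makes admins subject to the same check.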

julianlam commented 5 years ago

Tracked in #67

AndyHubert commented 5 years ago

Much appreciated.


aneesijaz commented 3 years ago

Hey, is someone else still facing the same issue? Revalidate is enabled. Registration is disabled. The login page is set to the other app's login URL.

The shared cookie is deleted through the other website (I don't even see the cookie, named token, in the inspector on either website after it has been deleted). NodeBB is still logged in...

NodeBB version 1.17.2, session-sharing version 4.7.2

julianlam commented 3 years ago

Admin account stays logged in, just in case.

aneesijaz commented 3 years ago

Forgot to mention ... not logged in as admin ...

aneesijaz commented 3 years ago

[Screenshot 2021-07-30 at 6:35:21 PM]

As you can see, I have already deleted the token cookie, but it is still logged in based on the express.sid cookie... Revalidate is turned on, but it seems it is not taking that cookie into account after it is logged in.

julianlam commented 3 years ago

Are you certain "revalidate" is set in the admin panel?

I am not able to reproduce this issue -- when I generate a test session (via /debug/session), and then go back to the home page, I am logged in. Deleting the token cookie and refreshing logs me out.

aneesijaz commented 3 years ago

Yes, I am certain re-validate is checked in the admin panel... /debug/session generated the token for the test user... even tokens generated by my other app were letting me log in... but deleting or expiring the cookie was not logging it out... It stayed logged in even after deleting / expiring the cookie (I even tried deleting the shared cookie from the inspector manually... it still stayed logged in).

julianlam commented 3 years ago

Are you able to debug?

The logic should be reaching this line here:

https://github.com/julianlam/nodebb-plugin-session-sharing/blob/113c379fe605d27951177e2229a4e76245c73c3e/library.js#L478