Closed zkatona closed 5 years ago
As far as I have been able to work out in the past when saw this, it is how JupyterHub works. It seems the cookie is left behind and is still accepted up to the time the prior login has been cleared from the cache. See:
May be related to c.HubAuth.cache_max_age
setting in part.
Dear Mr. Dumpleton,
I use OAuth 2.0 authentication against OpenShift with JupyterHub. I experience the issue that JupyterHub does not force the users to authenticate again after logout, but only if the logout happened shortly after a login. I guess it must have something to do with missing invalidation of cookies at JupyterHub's side. Additional Info:
However, the same issue is present with - jupyterhub-quickstart:1.0.3 and OpenShift 3.6.
Any ideas what could be the solution for this?
Thank you for your help in advance!
Cheers,
Zoltán