mkhorasani / Streamlit-Authenticator

A secure authentication module to validate user credentials in a Streamlit application.
Apache License 2.0

Error when user login is cached in browser #168

Closed ejmiddle closed 1 month ago

ejmiddle commented 1 month ago

When caching usernames and passwords and thus staying logged in, removing the user leads to streamlit ending up in an error. Currently the only way is to remove the username from the browser's cache.

It would be great to be able to catch this error and log out immediately so the user has to log in with new credentials, instead of being trapped in the error message.

Maybe it's already possible? How?

Thx Andi

mkhorasani commented 1 month ago

Hi @ejmiddle, I'm not sure I understood what you mean, but perhaps you can try logging them out programmatically without rendering the logout button when they face this error. Please refer to the logout feature in the readme for more details.

ejmiddle commented 1 month ago

Hi @mkhorasani, thank you for coming back to me. Sorry, I actually overlooked the "unrendered" option for the logout function. However, it doesn't resolve the problem.

So let me point out the issue more clearly:

Given that the browser cached a user "testuser", and it no longer exists in an updated users.yaml, executing this line

name, authentication_status, username = authenticator.login()

throws a key error in line 159 of the authentication handler

            st.session_state['name'] = self.credentials['usernames'][token['username']]['name']

probably, as the username in the token, coming from the cookie, is supposed to be in the credentials, but it is actually not due to the updated users.yaml.

Resolving the issue like this, i.e. simply logging out in case of an error during login

try:
    name, authentication_status, username = authenticator.login()
except Exception as e:  # Corrected the syntax here to properly capture the exception
    st.info(f"... {e}")  # Added exception message for more clarity
    authenticator.logout("Logout", "unrendered")

does not work, as you log out, then streamlit rerenders and the problem just occurs again as it first checks the cookies.

Do you see another way? Otherwise, I think before executing the login via tokens, one has to check if the user exists in both credentials and login.

Best regards Andreas
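
The check proposed above (confirm that the user named in the cookie token still exists in the credentials before logging in from the token), as an added example that is not part of the thread or of Streamlit-Authenticator's code. `restore_session`, `delete_cookie`, the `exp_date` field and the session keys other than `name` are assumptions for illustration.

```python
# Added example: stand-alone sketch, not Streamlit-Authenticator's own code.
import time


def restore_session(token, credentials, session_state, delete_cookie):
    """Re-authenticate from a decoded cookie token (hypothetical helper).

    A token naming a user that is no longer in `credentials` is handled like
    an expired token: the cookie is deleted and the session stays logged out,
    so the next rerun shows the login form instead of the same KeyError.
    """
    users = credentials.get("usernames", {})
    username = token.get("username") if isinstance(token, dict) else None
    record = users.get(username) if isinstance(username, str) else None
    # `exp_date` as a Unix timestamp is an assumed token field.
    expired = isinstance(token, dict) and token.get("exp_date", 0) <= time.time()

    if record is None or expired:
        delete_cookie()  # drop the stale cookie so it is not re-read on rerun
        session_state["name"] = None
        session_state["username"] = None
        session_state["authentication_status"] = None
        return False

    session_state["name"] = record["name"]
    session_state["username"] = username
    session_state["authentication_status"] = True
    return True


def demo():
    # Constructed sample data: "testuser" was removed from the YAML file.
    credentials = {"usernames": {"alice": {"name": "Alice Example"}}}
    stale = {"username": "testuser", "exp_date": time.time() + 3600}
    fresh = {"username": "alice", "exp_date": time.time() + 3600}
    deleted, state = [], {}
    try:
        # The unguarded lookup quoted in the issue.
        credentials["usernames"][stale["username"]]["name"]
        unguarded = "ok"
    except KeyError:
        unguarded = "KeyError"
    stale_ok = restore_session(stale, credentials, state, lambda: deleted.append(1))
    stale_status = state["authentication_status"]
    fresh_ok = restore_session(fresh, credentials, state, lambda: deleted.append(1))
    return unguarded, stale_ok, stale_status, len(deleted), fresh_ok, state["name"]
```

Deleting the cookie in the same branch that rejects the token is what breaks the rerun loop described in the comment above, and it also means a removed account cannot keep a session alive through a still-valid cookie.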

mkhorasani commented 1 month ago

Please note that only users who are registered in the config.yaml can be logged in. Having a user's token in your browser's cookie without having their info in the config.yaml is not supported.

ejmiddle commented 1 month ago

Okay I see, thx!

Is this planned for some time in the future? For proper operational use this will become quite important I guess ...

mkhorasani commented 1 month ago

No, I really can't see a use case for this.

ejmiddle commented 1 month ago

Hmm, fair enough, it is a minor issue I admit. However, we are facing this 'issue' with a customer.

Let me help out with the use case. Once you set up streamlit for a bunch of users, then usernames are cached on the customers' laptops. If you then remove or change a username, then the user is trapped until he explicitly removes the page's cookies. At least this is my understanding of the problem.

However, I can see that it does not seem important currently. Thx anyways

mkhorasani commented 1 month ago

I see, in that case, what I can do is I can raise an exception that would be displayed to the user explaining the issue as opposed to just throwing an error.

ejmiddle commented 1 month ago

This is what I am doing currently when catching the error. But, yes, for convenience, this would be nice. Thx!!

mkhorasani commented 1 month ago

I've already made the necessary changes and will add it to the next release. Thank you for pointing this out!