mozilla / django-browserid

Django application for adding BrowserID support.
Mozilla Public License 2.0

Logout not working #217

Closed seocam closed 10 years ago

seocam commented 10 years ago

If a user clicks the logout button when the website is actually down (during a restart, for example), the user can't log in after the service is back again.

I'm using 3d3c86cbfb277002af814ea8e34adf639cd70c32

Osmose commented 10 years ago

If you right click the logout link, copy the URL, paste it into the location bar and visit it, does logout work successfully again?

If so, I believe I know the cause. When you click the logout button, we first call navigator.id.logout to log you out of Persona, and then once that finishes, we redirect the user to the logout view so they can log out of your site. We don't handle the case where logout doesn't call the callback, which happens if Persona thinks you're already logged out.

There are a few approaches to fixing this on our end:

  1. Don't logout from Persona until after logging out of your own site. Annoying because you have to avoid the fact that Persona will try to log you back in on the next page load.
  2. Have some reasonable timeout after which, if the logout callback hasn't been run, you run it automatically.
  3. Opt out of Persona-based session management, meaning you don't have to call logout at all. This can be done manually, by making your auto-login and auto-logout callbacks not trigger login and logout, or by using the newer session-less API, which is blocked from landing in production due to mozilla/persona#4027.

(3) using the new API is the preferred long-term solution, but if that train takes much longer to land I'm going to consider just fixing these issues while we wait for it to land.
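Approach (2) above, as an added example rather than django-browserid's own code: a logout handler that redirects to the site's logout view when Persona's `onlogout` callback fires, and falls back to the same redirect after a timeout when the callback never arrives (the case where Persona already considers the user logged out). The `persona` object is a simplified stand-in for `navigator.id` (`watch({onlogout})` registers the callback, `logout()` is expected to fire it); `createLogoutFlow`, `makeFakePersona`, `fakeTimers` and the `/browserid/logout/` comment are assumptions made for the example.

```javascript
// Added example (not django-browserid's code): a logout handler that
// redirects to the site's logout view when Persona fires onlogout, and
// falls back to the redirect after a timeout when the callback never comes.
// `persona` is a minimal stand-in for navigator.id: watch({onlogout}) registers
// the callback and logout() is expected to fire it. Names are assumptions.

function createLogoutFlow(persona, options) {
  const timers = options.timers || { set: setTimeout, clear: clearTimeout };
  const state = { redirected: false, reason: null };
  let handle = null;

  // Runs the site-side logout exactly once, whichever path reaches it first.
  function redirect(reason) {
    if (state.redirected) return;
    state.redirected = true;
    state.reason = reason;
    if (handle !== null) timers.clear(handle);
    options.onRedirect(); // in a browser: window.location = '/browserid/logout/'
  }

  persona.watch({ onlogout: function () { redirect('callback'); } });

  // Returns the click handler for the logout button.
  return function startLogout() {
    handle = timers.set(function () { redirect('timeout'); }, options.timeoutMs);
    persona.logout();
    return state;
  };
}

// Constructed stand-in for navigator.id. When `firesCallback` is false it
// models Persona already considering the user logged out: logout() is a no-op.
function makeFakePersona(firesCallback) {
  let callbacks = {};
  return {
    watch: function (cb) { callbacks = cb; },
    logout: function () { if (firesCallback && callbacks.onlogout) callbacks.onlogout(); },
    // Lets a caller simulate a late callback arriving after the timeout.
    fireLogout: function () { if (callbacks.onlogout) callbacks.onlogout(); },
  };
}

// Deterministic timers so the flow can be exercised without real delays.
function fakeTimers() {
  const pending = [];
  return {
    set: function (fn) { pending.push(fn); return pending.length - 1; },
    clear: function (h) { pending[h] = null; },
    fire: function () {
      pending.forEach(function (fn, i) { if (fn) { pending[i] = null; fn(); } });
    },
  };
}

// Runs both scenarios and returns how many times each redirected and why.
function demo() {
  const results = {};
  ['cooperative', 'silent'].forEach(function (name) {
    const timers = fakeTimers();
    let redirects = 0;
    const start = createLogoutFlow(makeFakePersona(name === 'cooperative'), {
      timeoutMs: 2000, timers: timers, onRedirect: function () { redirects += 1; },
    });
    const state = start();
    timers.fire(); // simulate the timeout elapsing
    results[name] = { redirects: redirects, reason: state.reason };
  });
  return results;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

The guard in `redirect` matters as much as the timer: if Persona delivers `onlogout` late, after the fallback already redirected, the site logout must not run a second time, and the cleared timer means a prompt callback never triggers a stale redirect later.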

seocam commented 10 years ago

  1. If I access /logout I get redirected to LOGOUT_REDIRECT_URL but am still authenticated.
  2. If I access /browserid/logout/ I get a JSON response: {"error": "Method not allowed."}

So far the only way I found to logout was to erase my session cookie.

Osmose commented 10 years ago

Taking this bug. Given Persona's current state of development (no paid employees, contributor-only while work on Firefox Accounts happens) we can't expect the new API to land any time soon, so I'm going to just make auto-login/auto-logout not happen with django-browserid anymore.

seocam commented 10 years ago

Makes sense. @Osmose let me know if I can help you somehow.