We can’t rely on XHRs working after Safari 12. VG showed that it doesn’t
work correctly on the SPiD side, although I don’t fully understand why.
What we observe is:
1) Log in from VG
2) Log out from VG (observe that the Network tab has requests going to
/ajax/logout.js and /authn/identity/logout — both returning 200. This
makes VG of course show you as logged out
3) Log in again. Observe that you are (wrongly) automatically logged in
with no need for authentication
Since we want to move away from XHRs relying on 3rd party cookies
anyway, this commit changes the way it works by doing a full-page
redirect (after cleaning up cache/varnish cookie) instead. Since there
are no requests being sent in logout() anymore, I removed the async
modifier, even though this is a breaking change.
We can’t rely on XHRs working after Safari 12. VG showed that it doesn’t work correctly on the SPiD side, although I don’t fully understand why. What we observe is:
1) Log in from VG 2) Log out from VG (observe that the Network tab has requests going to /ajax/logout.js and /authn/identity/logout — both returning 200. This makes VG of course show you as logged out 3) Log in again. Observe that you are (wrongly) automatically logged in with no need for authentication
Since we want to move away from XHRs relying on 3rd party cookies anyway, this commit changes the way it works by doing a full-page redirect (after cleaning up cache/varnish cookie) instead. Since there are no requests being sent in logout() anymore, I removed the async modifier, even though this is a breaking change.