thelastpickle / cassandra-reaper

Automated Repair Awesomeness for Apache Cassandra
http://cassandra-reaper.io/
Apache License 2.0

Logout doesn't properly end session #482

Open mparkachov opened 6 years ago

mparkachov commented 6 years ago

Spotted on 1.2.1 (aeb2f0a)

Just tried the last stable version with Shiro authorization as described in the documentation. Logout doesn't reset the session, or something is broken with caching.

  1. On first access to application through /webui/index.html I get login form -> Ok
  2. Enter correct credentials -> redirected to /webui/index.html -> Ok
  3. Press Logout -> redirected to login form -> Ok
  4. Enter manually /webui/index.html: still works -> Unexpected behaviour.

Expected: After logout, all URLs are redirected to the login form.

Regards, Maxim.

┆Issue is synchronized with this Jira Story by Unito ┆Issue Number: REAP-168

nsteinmetz commented 6 years ago

Hi,

Using 1.2.0 + my fix on login (~1.2.1): with nginx on top of the Reaper UI, it works for me as expected. Sometimes the React cache on the user side may have some side impacts, I noticed...

Nicolas

nsteinmetz commented 6 years ago

Testing with 1.2.1 and indeed I have the bug, but I suspect the browser cache. If you go to /webui/index.html and force reload the page (Cmd+Shift+R), then you are redirected to the login page.

amorton commented 6 years ago

@ossarga have you seen this problem before?

amorton commented 6 years ago

@mparkachov can you try 1.2.2? There were some problems with versions 1.2.0 and 1.2.1. See http://cassandra-reaper.io/docs/download/

nsteinmetz commented 6 years ago

Hi @amorton @ossarga

Still have the issue with a fresh upgrade from 1.2.1 to 1.2.2

mparkachov commented 6 years ago

Just tested 1.2.2 and could reproduce the issue. Could it be somehow related to the isDev flag, so that in Dev mode it is not reproducible?

mparkachov commented 6 years ago

It seems to be some caching issue. After the upgrade from 1.2.1 to 1.2.2, when I log in to the UI I still see version 1.2.1 in the UI. After a hard refresh ("Ctrl+R") the page is reloaded with the new version.

michaelsembwever commented 6 years ago

Sounds like either 'no-cache; no-store' HTTP headers need to be added to the page, or a 'max-age' header that matches the validity period of the Shiro login.
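
A check for the caching behaviour discussed in this thread, as an added example that is not part of the issue or of Reaper's code: it estimates how long a browser may reuse a stored response such as /webui/index.html without contacting the server, which is the window in which the page still loads after logout. The header sets are constructed samples, the function names are hypothetical, and the 10% heuristic is the typical value RFC 9111 section 4.2.2 suggests, not a guaranteed browser behaviour.

```python
from email.utils import parsedate_to_datetime

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives

def reuse_without_revalidation(headers):
    """Return (seconds, reason): how long a cache may serve this response
    without asking the server. 0 means every load reaches the server, so
    the redirect to the login form is seen after logout."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control"))
    if "no-store" in cc:
        return 0, "no-store: response is never written to the cache"
    if "no-cache" in cc:
        return 0, "no-cache: stored copy must be revalidated before use"
    if "max-age" in cc:
        age = cc["max-age"] or ""
        if age.isdigit():
            return int(age), "explicit max-age"
        return 0, "invalid max-age: treated as stale"
    date = parsedate_to_datetime(h["date"]) if "date" in h else None
    if "expires" in h and date:
        try:
            delta = parsedate_to_datetime(h["expires"]) - date
        except (TypeError, ValueError):
            return 0, "invalid Expires: treated as already expired"
        return max(int(delta.total_seconds()), 0), "Expires header"
    if "last-modified" in h and date:
        # Assumption: the cache uses the typical 10% heuristic.
        delta = date - parsedate_to_datetime(h["last-modified"])
        return max(int(delta.total_seconds()) // 10, 0), "heuristic freshness"
    return 0, "no freshness information"

# Constructed samples (not captured from a Reaper instance).
NO_POLICY = {"Date": "Tue, 11 Sep 2018 10:00:00 GMT",
             "Last-Modified": "Sat, 01 Sep 2018 10:00:00 GMT",
             "ETag": '"constructed"'}
NO_STORE = {"Date": "Tue, 11 Sep 2018 10:00:00 GMT",
            "Cache-Control": "no-cache, no-store"}
SESSION_BOUND = {"Cache-Control": "private, max-age=600"}

if __name__ == "__main__":
    for name, hdrs in [("no policy", NO_POLICY), ("no-store", NO_STORE),
                       ("max-age", SESSION_BOUND)]:
        print(name, reuse_without_revalidation(hdrs))
```

A response with only `Last-Modified` and `ETag` is the case to watch for: it carries no explicit policy, yet a cache may still reuse it for a heuristic period, and a forced reload bypasses that stored copy.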