-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Two auth_tkt cookies created after login #58
Comments
Hey @oyvindskj, could you please provide more details because i'm not able to reproduce the issue, thanks. |
Hi @duskobogdanovsk. What I see is that when Azure does the callback
|
@oyvindskj, the leading dot means that the cookie is valid for subdomains as well; nevertheless recent HTTP specifications (RFC 6265) changed this rule so modern browsers should not care about the leading dot. The dot may be needed by old browser implementing the deprecated RFC 2109. |
@duskobogdanovski This is described in the initial issue: Only one of the two |
@oyvindskj this is quite peculiar, cause the behavior is correct, cookies are set and managed by core CKAN, you can see that even tests expect the same behavior https://github.com/ckan/ckan/blob/0ab924d5ea331625bd61a805f23c68a17f028193/ckan/tests/lib/test_auth_tkt.py. However it could be a real bug/issue, so would be great to know which CKAN core version you're running. |
I removed two extensions we have developed ourself. |
Let me know if there is something I can do to help. I tried with Edge as well - same behaviour. |
Describe the bug
Using Azure AD for SSO with CKAN, two
auth_tkt
cookies are created after login. They are equal, but with different domain:test-data.mydomain.com
.test-data.mydomain.com
When logging out, only cookie2 is deleted, leaving cookie1 to keep my session towards CKAN alive. If I try logout again, Azure says I am already logged out and cookie1 remains active.
ckanext-saml2auth version affected
v1.2.1
Expected behaviour
To be logged out of CKAN when I click "Log out"
The text was updated successfully, but these errors were encountered: