Logout does not clear the tokens #210
Comments
ghost
added
the
|
Do you have /api/logout implemented?
|
|
Yes, api/logout is implemented. After logout refreshing the page seems to be resolving the issue. So for now i am doing a page refresh after a logout. So it works okay for now. |
|
I'm having a problem where if I call Even opening other browsers (IE, Firefox, Chrome) that I had never opened before, and after ensuring I've cleared my localStorage, cookies, if I open Is there something happening on the server-side that's creating a cookie or localStorage that I can't see from the client-side (browser)? |
|
@nathanchase exact issue here :( state has user response. i can't see even any network request in devtools |
|
@nathanchase can u show me some code example? |
|
@pi0 can u look into this issue? i am waiting to launch my app |
|
@Chathula The problem code is outlined in this related issue: #213 Essentially, if a user object is empty (i.e., in nuxt.config.js auth config, See this line: https://github.com/nuxt-community/auth-module/blob/dev/lib/core/auth.js#L233 |
|
The scenario I'm facing could be related: Steps:
All I can think is that, although Vuex looks cleared, there is a token stored somewhere that is persisting after clicking log out. Does anyone think this could be part of the same issue? |
|
It seems that using store.state.auth.loggedIn instead of auth.loggedIn is a working workaround |
|
@nathanchase +1 here. After logged out, the token has been cleared but the "ctx" still has the old "user" and "loggedIn" state. https://github.com/nuxt-community/auth-module/blob/dev/lib/core/storage.js#L91 |
|
The token persists in this.$auth.strategies.local.options.endpoints.user.headers['Authorization'] = null |
@mkstix6 did you manage to find a solution to this? i am having the same issue but only seems to be with ie |
|
@craigPeckett and @ankitarora05, our code still includes @olibia 's suggestion above. Thank you @olibia . Just wanted to note that some of our package versions are a little old now: |
|
How can we manually clear the tokens until this is fixed? I'm using auth0 |
|
Hi @codeofsumit! What version of auth module are you using? |
|
@JoaoPedroAS51 |
|
@codeofsumit Thanks. I will make some tests and see if I can find the issue :) You can clear the tokens using |
|
Thanks @JoaoPedroAS51 - this is my logout action now: async logout({ state, commit }) {
this.$auth.setToken(false)
this.$auth.setRefreshToken(false)
this.$axios.setHeader('Authorization', false)
window.location = `https://${process.env.VUE_APP_AUTHDOMAIN}/v2/logout?returnTo=${window.location.origin}/logout`
},However, after returning from auth0's logout endpoint, the token is still set in axios.
Seems like the Cookie isn't cleared |
|
@codeofsumit Can you try |
|
@codeofsumit Oh sorry I forgot to mention that |
|
@codeofsumit I'm testing here and seems to be working. I think an easier solution is to use async logout({ state, commit }) {
await this.$auth.logout()
window.location = `https://${process.env.VUE_APP_AUTHDOMAIN}/v2/logout?returnTo=${window.location.origin}/logout`
}, |
|
Hi @mkstix6! What scheme are you using? |
|
@JoaoPedroAS51 thanks for reminding me. I tried this in the past but somehow it wasn't working as expected so I removed it. It's working fine now and is the best solution of course ❤️ Looking forward to the next version where tokens are refreshed 🎉 |
Hey, ours is configured like so (perhaps there's something weird in there): |
|
@mkstix6 Your config looks good to me. But I think What version are you using now? Did you say that using this solves your problem, right? this.$auth.strategies.local.options.endpoints.user.headers['Authorization'] = null |
|
|
I faced a similar issue when using GitHub's Oauth2 authentication.
The symptom above may be caused by a cookie from It would be appreciated if you could modify, or add some options. |
|
Hey All. |
I think this is fixed in v5, but not in v4: |
|
I have problem, the api/aut/logout request was pending forever and not log out with redirect because of the, I think: But other api call work well?! |
|
if u are using nuxt auth u can try
|
the solution is to delete the token in the backend on logout operation. Thus the upcoming requests (from previously opened tabs) with an old tokens will be blocked. class api_logout(APIView): |
|
Here is our logout function: That wipes the token out and reloads the current page which triggers the auth middleware which redirects the user to the login page using the Nuxt Auth middleware. https://auth.nuxtjs.org/guide/middleware/ You can |
|
I have same issue while log in the second time and duplicate tab which have old account in first log in |
and others
Version
v4.5.1
Reproduction link
https://jsfiddle.net/
Steps to reproduce
logout then login
What is expected ?
Logout should clear the old access tokens. As per this issue ( #57 ) here, its fixed in version 4.0 .
What is actually happening?
Hello, I am facing this issue while trying to log in after a logout. After login api is called and the access token it is set in both localstorage and cookie. But the
fetchUser()method is using the previous access token. I am using version 4.5.1. I even manually set the axios headers to null.Request response flow:
Login
Request:
Response
Logout
Request
Now when I login again, the access token is changed.
Login 2
Response
And this token is set both on cookie and localstorage. But the
$auth.fetchUser()api uses the old access token so login is not being completed. Refreshing the page fixes this as the access token stored in the cookie is a valid one.Fetch User
Request
The text was updated successfully, but these errors were encountered: