Bug 353566

Comment 1 Wayne Beaton 2011-08-09 14:51:58 EDT

It appears to invalidate the session when I try it, but that is only evident after refreshing the browser. i.e. logout seems to work, it just isn't reflected in the UI.

Investigating.

Comment 2 Wayne Beaton 2011-08-09 14:56:21 EDT

What browser are you using? Firefox seems to get it right, but Chrome doesn't on my system.

The form that contains the "Log out" button doesn't have an explicit 'action' parameter; Firefox seems to get it right regardless. Perhaps Chrome interprets the absence of this value differently?

Comment 3 Markus Keller 2011-08-10 04:29:24 EDT

I'm on Firefox 5.0. There, Refresh doesn't help.

On Chrome, it also doesn't log me out immediately, but a refresh indeed does the job.

Comment 4 Wayne Beaton 2011-08-10 11:50:29 EDT

That helps. I think I've got it.

The code that processes the logout invalidates the session, sets a redirect, and then completely neglects to actually exit. The code that follows does all sorts of things that may be having an impact on the server and browser.

I've fixed that problem.

Unfortunately, I can't get the problem to manifest in my test environment; on my workstation, everything seems to work the same with or without this fix (which makes me think that the Apache/PHP version may have something to do with this). Given that this all seems to work, I'm going to push out the fix to see if that clears things up.

Webmaster, can you push out the portal at the next opportune moment?

Comment 5 Eclipse Webmaster 2011-08-12 11:03:17 EDT

I've pushed the code changes live.

-M.

Comment 6 Wayne Beaton 2011-08-12 12:15:27 EDT

Didn't work :-(

I took a closer look at the network activity and I think the problem is that the browser is caching the page.

The logout process first invalidates the session and then redirects back to the portal.php page via "Location:" HTTP header. The network activity report indicates that the page is coming from the cache.

This may explain why it works on the unit test environment, but not on the production server; I believe that the production server has some explicit caching added in the configuration that may account for this.

The portal.php page should probably *never* be cached. It's actually loaded rarely. Most changes on the page are done via JavaScript anyway.

I've added some "don't cache" headers that Nathan helped me sort out. Hopefully that will solve the problem.

Matt: Do I have to worry about server configuration overriding the explicit headers that I've set?

Matt: Can you push out the portal again, please?

Comment 7 Eclipse Webmaster 2011-08-12 15:17:19 EDT

I've pushed the changes out.

I suspect that the server cache settings will override the 'custom' headers, but I suppose that's really down to how each browser handles multiple statements.

I can't turn off the caching for the portal.php page explicitly(the ganularity just isn't there), but I have turned the general cache time down to 1hour for /portal (html and php).

-M.

Comment 8 Wayne Beaton 2011-08-12 21:57:36 EDT

(In reply to comment #7)
> I suspect that the server cache settings will override the 'custom' headers,
> but I suppose that's really down to how each browser handles multiple
> statements.

Despite the custom headers apparently being overridden, it seems to be working. Markus, can you confirm?

Comment 9 Markus Keller 2011-08-13 13:02:11 EDT

> Despite the custom headers apparently being overridden, it seems to be working.
> Markus, can you confirm?

Unfortunately not. I think it worked the first time I tried to log out in Firefox 5, but from the second time on, it didn't work any more. I can't make it work now without clearing recent history.

Comment 10 Wayne Beaton 2011-08-15 13:29:44 EDT

(In reply to comment #9)
> > Despite the custom headers apparently being overridden, it seems to be working.
> > Markus, can you confirm?
> 
> Unfortunately not. I think it worked the first time I tried to log out in
> Firefox 5, but from the second time on, it didn't work any more. I can't make
> it work now without clearing recent history.

Markus, can you try loading the portal, waiting an hour or more than then log out? It seems that the server, configured to tell the browser to cache for an hour, is overriding my attempts to managing the caching. I'd like to confirm before I drag webmaster into a discussion on changing the server configuration.

Comment 11 Markus Keller 2011-08-18 13:11:54 EDT

Sorry, got struck by a bad fever. So the window stayed open for 3 whole days. After that, the "Log out" button worked fine.

I tried it again now with a waiting period of 1h35m. That wasn't enough to make it work.

Comment 12 Markus Keller 2011-08-19 06:25:08 EDT

Tried it once more with a 16.5 h wait period, and that was not long enough (log out didn't work)

Comment 13 Wayne Beaton 2011-08-19 10:42:35 EDT

Sorry about the fever. I hope you're feeling better.

This is quite frustrating... it works fine on my system.

I'll try it from outside of EF offices this afternoon to see if that makes a difference.

In the meantime, Markus, can you elaborate on the behaviour in Firefox for me?

You click "log out" and nothing happens. Then you click "refresh" and the same screen comes back? Does Ctrl+F5 (refresh with cache override) do the job?

Comment 14 Markus Keller 2011-08-19 12:19:17 EDT

> You click "log out" and nothing happens.
Yes, but I see that the page is being reloaded (green progress bar in address field), and sometimes I also see some redraw flashing.

> Then you click "refresh" and the same screen comes back?
Yes.

> Does Ctrl+F5 (refresh with cache override) do the job?
No, same as the other 2 procedures (but takes a bit longer to reload all images).

I tried to find something useful in Firebug, but I didn't see any connection information. But here's an interesting finding:
- open Firebug
- enable the Net tab
- check "Disable Browser Cache"
=> everything works as expected
- uncheck "Disable Browser Cache"
=> bug is back


BTW: To rule out special settings in my main Firefox, I have a separate Firefox profile with almost no addons installed. That profile also clears all data when the FF instance is shut down. Here's the batch file I use to launch it:

SET MOZ_NO_REMOTE=1
C:
cd C:\Program Files (x86)\Mozilla Firefox
start firefox.exe -p "test"

You may have to use 'firefox.exe -p' first to create the "test" profile once.

Comment 15 Wayne Beaton 2012-04-03 14:25:38 EDT

Has the switch over to LDAP-based SSO changed anything?

Comment 16 Denis Roy 2012-04-03 14:29:27 EDT

Actually, we don't even have a logout routine to clear the browser cookie and session.  Feel free to punt this to Community > Website and we'll make this happen.

Comment 17 Denis Roy 2014-04-25 13:01:19 EDT

*** Bug 432827 has been marked as a duplicate of this bug. ***

Comment 18 Denis Roy 2014-06-16 14:43:16 EDT

*** Bug 437345 has been marked as a duplicate of this bug. ***

Comment 19 Denis Roy 2014-07-24 10:46:03 EDT

*** Bug 440336 has been marked as a duplicate of this bug. ***

Comment 20 Denis Roy 2014-08-13 09:34:45 EDT

Here's a list of cookies that should be cleared by this logout process:

bugs.eclipse.org:Bugzilla_logincookie
eclipse.org:fud_session_1247685629
eclipse.org:ECLIPSESESSION
eclipse.org:ECLIPSE_ENV (remove "S")
eclipse.org:TAKEMEBACK
git.eclipse.org:GerritAccount
wiki.eclipse.org:my_wiki_session

Any others?

Comment 21 Denis Roy 2014-08-18 13:44:00 EDT

Bug 353566 - Cannot log out from website

I've put a simple "Log out" on the My Account page until we can come up with something better.

Comment 22 Denis Roy 2014-08-18 13:45:15 EDT

I meant to attach the review URL

https://git.eclipse.org/r/#/c/31852/

Comment 23 Christopher Guindon 2014-08-25 09:26:26 EDT

(In reply to Denis Roy from comment #22)
> I meant to attach the review URL
> 
> https://git.eclipse.org/r/#/c/31852/

Once this patch is done, we should include a logout link in the top right toolbar if the user is currently logged in.

Comment 24 Denis Roy 2014-08-25 09:55:44 EDT

> Once this patch is done, we should include a logout link in the top right
> toolbar if the user is currently logged in.

Sure.  Are you going to redo the patch?

Comment 25 Christopher Guindon 2014-08-25 10:00:08 EDT

(In reply to Denis Roy from comment #24)
> > Once this patch is done, we should include a logout link in the top right
> > toolbar if the user is currently logged in.
> 
> Sure.  Are you going to redo the patch?

Yes, I will do it now!

Comment 26 Christopher Guindon 2014-08-25 10:10:43 EDT

Patch was updated, this works on my local environment:
https://git.eclipse.org/r/#/c/31852/


I will now prepare another patch for solstice that includes a logout link.

Comment 27 Christopher Guindon 2014-08-25 11:00:49 EDT

(In reply to Christopher Guindon from comment #26)
> Patch was updated, this works on my local environment:
> https://git.eclipse.org/r/#/c/31852/
> 
> 
> I will now prepare another patch for solstice that includes a logout link.

Patch for solstice:
https://git.eclipse.org/r/#/c/32241/

Updating eclipse.org-common in dev.eclipse.org
https://git.eclipse.org/r/32245

Comment 28 Christopher Guindon 2014-08-25 11:58:27 EDT

(In reply to Christopher Guindon from comment #26)
> Patch was updated, this works on my local environment:
> https://git.eclipse.org/r/#/c/31852/

> 
> Updating eclipse.org-common in dev.eclipse.org
> https://git.eclipse.org/r/32245

Both patch where successfully merged to dev.eclipse.org.
Denis, can you pull down the latest commits for dev.eclipse.org

Once that's done, we should test to make sure this is working probably on production. If this goes well, we should be ready to merge for the patch for the solstice theme in eclipse.org-common.

https://git.eclipse.org/r/#/c/32241

Comment 29 Christopher Guindon 2014-08-25 12:01:10 EDT

Sorry for my previous comment. I accidentally pressed save changes while editing.

(In reply to Christopher Guindon from comment #26)
> Patch was updated, this works on my local environment:
> https://git.eclipse.org/r/#/c/31852/

> 
> Updating eclipse.org-common in dev.eclipse.org
> https://git.eclipse.org/r/32245

Both patches where successfully merged to dev.eclipse.org.
Denis, can you pull down the latest commits for dev.eclipse.org.

Once that's done, we should test this on production. If all goes well, we should commit the patch for the solstice theme in eclipse.org-common.

https://git.eclipse.org/r/#/c/32241

Comment 30 Denis Roy 2014-08-25 13:43:09 EDT

> Both patches where successfully merged to dev.eclipse.org.
> Denis, can you pull down the latest commits for dev.eclipse.org.

Done.  I was able to log out!

Comment 31 Christopher Guindon 2014-08-25 13:46:41 EDT

(In reply to Denis Roy from comment #30)
> > Both patches where successfully merged to dev.eclipse.org.
> > Denis, can you pull down the latest commits for dev.eclipse.org.
> 
> Done.  I was able to log out!

Awesome!


The patch for solstice was successfully merged. The log out link is now available on all the eclipse.org pages using solstice.

Comment 32 Christopher Guindon 2014-08-25 13:56:52 EDT

This is not working properly.

I am still logged in if I click on the log out link from https://www.eclipse.org/home/index.php. 

After clicking the log-out link, it appears that you are logged off but if you click on the eclipse.org logo, you are logged in again.

Comment 33 Christopher Guindon 2014-08-25 16:38:59 EDT

I have two patches for review.

dev.eclipse.org:
https://git.eclipse.org/r/32277

eclipse.org-common
https://git.eclipse.org/r/32271

Comment 34 Christopher Guindon 2014-08-26 16:28:46 EDT

I have a new patch ready for review:
https://git.eclipse.org/r/#/c/32362/

The browser was caching the redirect. The logout only worked the first time you tried to logout.


I created a new logout.php that redirects you after 2 seconds.

Comment 35 Denis Roy 2014-09-02 16:32:21 EDT

We are done here.