I'm getting “Your session has expired” error on logout after moving to Spartacus v3. It basically appears straight after selecting logout option from menu and persist on redirected login page until refresh. What can be the reason?
Related
Setup Overview
I am using B2C custom policies for sign-in flow in react application using msal-react and msal-browser packages. The user is able to log in properly for the first time after entering credentials. Now when the user clicks logout, B2C logout popup shows up and it goes away instantly without asking the user to choose an account which is expected because the user is signed in with only a single account. The user is redirected properly.
Doc followed - [https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/logout.md
Issue
After successful logout, which seems to be happening properly as the UnAuthenticated template executes after login. When the user presses login again, it does not ask for any credentials, and user is signed in again which is a security issue. I am not sure what am I missing now. I have gone through all the MS docs multiple times and GitHub issues but did not find a solution
Flow:
Before First login - Session Storage and Cookies are empty,
After login - Session Storage has values and Cookies have 2 entries - x-ms-cpim-sso and x-ms-cpim-csrf
After logout - Both are cleared with no values
Click login again, values from step 2 come back in. But if you don't click login and try different app routes, it shows Unauthenticated template which has login button. So seems like user was correctly logged out
A few questions and helpful information
Is azure ad B2C considered as social sign in (federated entity) or is it considered a local account like Azure AD
I have read here that it does not assume logout from social IDP but I am not using anything other than B2C. In this GitHub, it also mentioned it is expected behaviour but how do I logout properly so that user is asked for credentials again. [https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/2547
After pressing logout, if user is signed out from B2C as the app executes Unauthenticated template instead of Authenticated, how is it able to sign in again without any credentials.
Please guide me to solve this issue
I have a React Native app that uses Okta's hosted login page to authenticate.
When a user successfully authenticates for the first time through the PKCE flow, on every other login afterwards, they get automatically logged in as the same user.
I've used additionalParameters: { prompt: 'login' }, but it only asks for you to re enter your password and if you click signout, it brings you to a Citrix page that doesn't change anything about the flow - they still get logged back in as the same user after the fact.
I've tried using both the revoke and logout endpoints which actually changes the cookies a bit, but doesn't affect the flow same goes with restarting the app.
The only way is to clear hardware settings in xcode.
This may not even be an Okta specific issue, perhaps a general OIDC issue.
How does the hosted login page store and know you've previously logged in and how can that be fixed?
I am building an app using .Net Core with VueJs along with JavascriptServices&NodeServices for ServerSideRendering, and Identity as auth mechanism.
Scenario :
I navigate to /details page - having some hidden info because the user is not logged in (so, User.Identity.Name) is null.
I click login, a pop-up shows up, I enter my credentials, and after the AJAX call is made to auth the user, I do a full refresh of the page using location.reload(true).
This works on chrome desktop but on mobile devices it doesn't; on mobile browsers it works if I "fake navigate away" meaning that I go back one page and then come back (so I don't trigger a SSR).
Does anybody have an idea why this doesn't work?
I have a Windows Live Application and it use login.live.com to login or logout my app.
When I login with login.live.com url then I logout but I can't relogin after I logout .
If I off the browser then launch it again or logined for along time, I can relogin successfully.
I know the live cookie is problem but I can't find the solution for this problem .
I'm working on a Rails 3 application that uses devise for user authentication. I would like the user to only see the splash/signup page when they first visit the site but be sent to the login page if they log out or time out, as follows:
Splash page
Click on login link
Login page
Supply proper login credentials
User's dashboard
Click on logout link or user times out
Login page (not splash page)
Take a look in the devise wiki: How To: Change the redirect path after destroying a session i.e. signing out