[owncloud-devel] Strange session issue in OC-8

Christian Reiner foss at christian-reiner.info
Thu Feb 12 18:46:44 GMT 2015

Hi all, 
I experience a strange effect with sessions inside OC-8. That is, strange for 
me, since I do not understand this. Probably I miss something here, so maybe 
someone can give me a hint here: 

The Shorty app implements a http basic auth strategy for a special purpose. 
That has nothing to do with normal owncloud sessions. The additional 
authorization helps to keep two things separate: "normal" owncloud sessions 
versus requests to a public service, the Shorty relay service. 
In the implementation I took care *not* to login the user, so *not* to create 
a session within owncloud. Nevertheless I see this strange effect: 

Normally, when you logout from owncloud all cookies are deleted and you are 
forwarded to the login form, since you do not have a valid session any more. 

Now the fun starts: after having used that described public service once and 
having authenticated successfully as requested by the http basic auth strategy 
it suddenly is impossible to logout from the "normal" owncloud session opened 
in another window or tab. The logout button works, sends the expected headers 
and deletes the cookies. However instead of the login form you are forwarded 
right into a valid OC session which loads the default app. 

Now I do understand that the browser resends his authentication realm after 
the logout. But I fail to see how a) that is connected with the "normal" 
owncloud session and b) why there suddenly is a new session although all 
cookies have been removed. 
Could someone help me to understand this effect? 

Christian Reiner (arkascha)

PS: I attach the two conversation dumps, one with one without that effect. 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logout.tar.bz2
Type: application/x-bzip-compressed-tar
Size: 9102 bytes
Desc: not available
URL: <http://mailman.owncloud.org/pipermail/devel/attachments/20150212/da421fa3/attachment.tar.bz>

More information about the Devel mailing list