[owncloud-devel] Strange session issue in OC-8
dev at bernhard-posselt.com
Sun Feb 15 16:21:24 GMT 2015
Can you open an issue in core? I think we need more details and its
easier to work this out on github. You can cc me (@Raydiation)
On 02/12/2015 07:46 PM, Christian Reiner wrote:
> Hi all,
> I experience a strange effect with sessions inside OC-8. That is, strange for
> me, since I do not understand this. Probably I miss something here, so maybe
> someone can give me a hint here:
> The Shorty app implements a http basic auth strategy for a special purpose.
> That has nothing to do with normal owncloud sessions. The additional
> authorization helps to keep two things separate: "normal" owncloud sessions
> versus requests to a public service, the Shorty relay service.
> In the implementation I took care *not* to login the user, so *not* to create
> a session within owncloud. Nevertheless I see this strange effect:
> Normally, when you logout from owncloud all cookies are deleted and you are
> forwarded to the login form, since you do not have a valid session any more.
> Now the fun starts: after having used that described public service once and
> having authenticated successfully as requested by the http basic auth strategy
> it suddenly is impossible to logout from the "normal" owncloud session opened
> in another window or tab. The logout button works, sends the expected headers
> and deletes the cookies. However instead of the login form you are forwarded
> right into a valid OC session which loads the default app.
> Now I do understand that the browser resends his authentication realm after
> the logout. But I fail to see how a) that is connected with the "normal"
> owncloud session and b) why there suddenly is a new session although all
> cookies have been removed.
> Could someone help me to understand this effect?
> Christian Reiner (arkascha)
> PS: I attach the two conversation dumps, one with one without that effect.
> Devel mailing list
> Devel at owncloud.org
More information about the Devel