Can you open an issue in core? I think we need more details and its easier to work this out on github. You can cc me (@Raydiation)
On 02/12/2015 07:46 PM, Christian Reiner wrote: > Hi all, > I experience a strange effect with sessions inside OC-8. That is, strange for > me, since I do not understand this. Probably I miss something here, so maybe > someone can give me a hint here: > > The Shorty app implements a http basic auth strategy for a special purpose. > That has nothing to do with normal owncloud sessions. The additional > authorization helps to keep two things separate: "normal" owncloud sessions > versus requests to a public service, the Shorty relay service. > In the implementation I took care *not* to login the user, so *not* to create > a session within owncloud. Nevertheless I see this strange effect: > > Normally, when you logout from owncloud all cookies are deleted and you are > forwarded to the login form, since you do not have a valid session any more. > > Now the fun starts: after having used that described public service once and > having authenticated successfully as requested by the http basic auth > strategy > it suddenly is impossible to logout from the "normal" owncloud session opened > in another window or tab. The logout button works, sends the expected headers > and deletes the cookies. However instead of the login form you are forwarded > right into a valid OC session which loads the default app. > > Now I do understand that the browser resends his authentication realm after > the logout. But I fail to see how a) that is connected with the "normal" > owncloud session and b) why there suddenly is a new session although all > cookies have been removed. > Could someone help me to understand this effect? > > Thanks, > Christian Reiner (arkascha) > > PS: I attach the two conversation dumps, one with one without that effect. > > > _______________________________________________ > Devel mailing list > [email protected] > http://mailman.owncloud.org/mailman/listinfo/devel _______________________________________________ Devel mailing list [email protected] http://mailman.owncloud.org/mailman/listinfo/devel
