dosubot[bot] commented on issue #33609: URL: https://github.com/apache/superset/issues/33609#issuecomment-2917284937
Based on the information available, this issue appears related to session management and the way Superset handles authentication/logout, especially with Azure AD and the `AUTH_ROLE_PUBLIC = 'NoAccess'` setting. While there are no directly matching issues or official documentation addressing this exact error, here are some actionable insights and areas to investigate:

1. **Session Management**: Superset uses Flask and Flask-Login for session management, and can use Flask-Session for server-side sessions if `SESSION_SERVER_SIDE` is enabled. Session cookies are encrypted with the `SECRET_KEY` and are essential for identifying user sessions on the server side. If session cookies become invalid or corrupted, it can cause authentication issues that persist until cookies are cleared [[source](https://github.com/apache/superset/blob/master/docs/docs/security/security.mdx)].
2. **Role Configuration**: Setting `AUTH_ROLE_PUBLIC = 'NoAccess'` means users who are not authenticated have no permissions. If, after logout, the session is not fully cleared or the browser still holds an invalid session cookie, Superset may attempt to treat the user as "public" but with no access, potentially triggering an error state.
3. **Frontend Behavior**: The frontend checks session validity and will redirect to login if the session is expired or invalid. However, if the backend returns an unexpected error (like a 500 Internal Server Error) instead of a 401 Unauthorized, the frontend may not handle it gracefully, resulting in the error you see [[source](https://github.com/apache/superset/blob/master/superset-frontend/src/preamble.ts)].
4. **No Error in Logs**: If you do not see errors in the Superset logs, try increasing the log level to DEBUG for both Superset and your web server (e.g., Gunicorn, Nginx) to capture more detail about what happens during logout.

**Suggestions to try:**

- Temporarily set `AUTH_ROLE_PUBLIC` to a role with minimal permissions (not `NoAccess`) and see if the error persists. This can help determine if the issue is related to the lack of permissions for public users.
- Ensure your `SECRET_KEY` is unique and not the default, as session issues can arise from an insecure or default key [[source](https://github.com/apache/superset/blob/master/superset/initialization/__init__.py)].
- Double-check your Azure AD and OAuth configuration for any session or token expiry settings that might interact poorly with Superset's session handling.
- If using server-side sessions, verify that your session backend (e.g., Redis, filesystem) is healthy and accessible.
- Review your Kubernetes and Helm deployment for any customizations to session or cookie handling.

If none of these steps resolve the issue, consider enabling more detailed logging and capturing the exact HTTP response and stack trace when the error occurs. This information will be crucial for further troubleshooting or for reporting a bug upstream.
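
One way to capture the "exact HTTP response" the comment asks for, as an added example that is not part of the bot's comment or of Superset: the script scans a web-server access log and reports, per client, the responses received after a logout, separating 5xx errors (the 500-instead-of-401 pattern from item 3) from expected outcomes. It assumes the nginx/Gunicorn combined log format, `/logout/` as the logout path, and the client IP as a stand-in for the browser session; the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in combined log format; IPs, paths and times are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [28/May/2025:10:01:02 +0000] "GET /superset/welcome/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [28/May/2025:10:05:10 +0000] "GET /logout/ HTTP/1.1" 302 209 "-" "Mozilla/5.0"
203.0.113.7 - - [28/May/2025:10:05:11 +0000] "GET /login/ HTTP/1.1" 500 290 "-" "Mozilla/5.0"
203.0.113.7 - - [28/May/2025:10:05:15 +0000] "GET /superset/welcome/ HTTP/1.1" 500 290 "-" "Mozilla/5.0"
198.51.100.4 - - [28/May/2025:10:06:00 +0000] "GET /logout/ HTTP/1.1" 302 209 "-" "Mozilla/5.0"
198.51.100.4 - - [28/May/2025:10:06:01 +0000] "GET /login/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.4 - - [28/May/2025:10:06:30 +0000] "GET /api/v1/me/ HTTP/1.1" 401 47 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def post_logout_outcomes(log_text, logout_path="/logout/"):
    """Collect each client's responses after its most recent logout.

    Returns {ip: {"expected": [...], "server_error": [...]}}; 5xx responses go
    to "server_error", everything else (2xx, 3xx, 401, 403, ...) to "expected".
    Assumption: client IP approximates one browser session. A later successful
    login is not detected, so review the window manually.
    """
    logged_out = set()
    result = defaultdict(lambda: {"expected": [], "server_error": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, path, status = m["ip"], m["path"], int(m["status"])
        if path.split("?")[0] == logout_path:
            logged_out.add(ip)
            result[ip] = {"expected": [], "server_error": []}  # restart window
            continue
        if ip not in logged_out:
            continue  # request made before any logout from this client
        bucket = "server_error" if status >= 500 else "expected"
        result[ip][bucket].append((m["ts"], path, status))
    return dict(result)


if __name__ == "__main__":
    for ip, seen in post_logout_outcomes(SAMPLE_LOG).items():
        print(ip, "5xx after logout:", seen["server_error"])
```

Entries under `server_error` give the timestamps to look up in the DEBUG-level application log for the matching stack trace.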