[MGNLSTK-735] Logout results in session expired error, unable to login again Created: 01/Dec/10  Updated: 19/Jan/11  Resolved: 12/Jan/11

Status: Closed
Project: Magnolia Standard Templating Kit (closed)
Component/s: None
Affects Version/s: 1.4
Fix Version/s: 1.4.2

Type: Bug Priority: Major
Reporter: Antti Hietala Assignee: Tobias Mattsson
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Form 1.2.0, PUR 1.3.0


Attachments: PNG File session-expired-login.png     PNG File session-expired-logout.png    
Issue Links:
relation
is related to MGNLFORM-75 Allow simpler FormEngine subclassing Closed
Template:
Acceptance criteria:
Empty
Date of First Response:

 Description   

A registered public user gets "Session expired" error when they log out. Trying to log back in results in the same error. Expected behavior is clean a logout and a Thank You message.

Do this on demoauthor.magnolia-cms.com:

  1. Create a new page in /demo-project/members-area. Assign the Public Users Management template to the page.
  2. Add a new Logout form paragraph on the page. Keep defaults.
  3. Add a new field set in the form. Keep defaults.
  4. Add a new submit button on the form. Label it "Logout".
  5. Add a new hidden field on the form. Set field name to mgnlLogout and value to true.
  6. Activate the page to public instance.

Do this on demopublic.magnolia-cms.com:

  1. Create a new public user. http://demopublic.magnolia-cms.com/demo-project/members-area/registration.html
  2. Verify the account with the link sent to your email address.
  3. Log in using the new user account. http://demopublic.magnolia-cms.com/demo-project/members-area/login.html
    You may get the "Session expired" error already at this point.
  4. Navigate to your custom logout page and click the Logout button.
    "Session expired" is displayed.
  5. Try to log in again.
    Error persists.


 Comments   
Comment by Tobias Mattsson [ 06/Dec/10 ]

While logging in and out works this is performed in filters, that establish or closes the session. Since form 1.2 we keep state in the session so when the filters execute the rest of the form processing fails with the "session expired" error.

A solution is to perform login and logout in form processors instead. After these are executed the form must return a redirect to a success page.

Comment by Magnolia International [ 21/Dec/10 ]

Just for the record, there's no need to create a public user to reproduce this issue, simply try with superuser/superuser, and observe the same issue.

Comment by Tobias Mattsson [ 12/Jan/11 ]

Fixed as of MGNLSTK-729 which merges the login and logout forms into one that doesn't use the form module.

Generated at Mon Feb 12 07:29:54 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.