We have a small issue where pressing the logout button does not result in the user being logged out
Our setup
We have a Vue.js frontend, where you can authenticate with Auth0. After you’re logged in you can press the messageboard button and you’ll be redirected to our Discourse board, where once again you’ll be authenticated with Auth0.
When you press logout on the Discourse forum, it briefly shows a modal with a refresh button, but then automatically refreshes the page and loads the forum without being logged out.
Here’s a screenshot of the browsercalls being done. I’m not sure about the red error calls, as they seem to be triggered after the red error calls again and then they seem to succeed.
Hmmm, the problem is that users do get logged out, but then they get automatically logged back in immediately. One solution is to set the logout redirect setting to some external site, so that people don’t get logged straight back in. Or maybe you could even set it to /login
I’ll have a think about this over the next few days and see if we can come up with a better solution. It is confusing to have a logout button that does… nothing.
Single sign on / a single auth strategy with disabled local logins
login required enabled
Maybe we add a warning to the dashboard when both conditions are met telling the user to properly set the logout redirect elsewhere? It’s a relatively uncommon config to get into where the admin can spend an extra 5 seconds setting the logout address.
@david Redirecting to the login page is a good solution, thanks! Agreed with @Falco that you might need a warning to set this, else it causes strange behavior!
As @Falco said, this is pretty rare, but I think I will configure the default logout redirect to /login for login_required sites - nice and simple, and that way we don’t rely on people actually reading a warning.