[Bug]: Bad/Invalid auth_token is not rejected

[TheQue42]

What happened?

If I accidentally enter the wrong password for the auth_token, I still get (sort of) logged in, but with a dead dashboard, and I cant find anywhere to "log out".

The token seems to be stored in firefox'es local data(the cookie quick manager add on to firefox doesnt show a cookie for my site), but I cant find any method of deleting the data specific to ONLY this site. A similar behavior i Edge, that seems to indicate there is a cookie for the size, but when clicking on that no cookies are shown..?

Cleaning cookies in firefox for the domain will work, but I have a lot of different services running on xxxx.domain.com, and its quite annoying to have to loose all cookies, etc for ALL domains, just become I accidentally added the wrong pass for z2m.

What browsers are you seeing the problem on?

Firefox, Microsoft Edge

Relevant stacktrace

No response

[bernard-dandrea]

I had the same problem with firefox

I have deleted the cookie with the IP address of the site (in my case 192.168.1.19) and after that, a new token has been asked

I hope this workaround will fix your problem

[TheQue42]

@bernard-dandrea: Unfortunately, as I said in the ticket cleaning cookies is not valid workaround.