
Log out of ynh doesn't log out from nextcloud

Open Shnoulle opened this issue 8 years ago • 13 comments

Steps to reproduce: you need 2 users

  1. Be totally logged out from ynh and nextcloud
  2. Log in as user1 via nextcloud -> redirected to ynh login
  3. Click/go on nextcloud => logged in as user1
  4. Come back to ynh
  5. Log out
  6. Log in as user2
  7. Click on nextcloud => logged in as user1

Same issue with owncloud before.

Shnoulle avatar Feb 09 '17 14:02 Shnoulle

Maybe linked to this patch https://github.com/YunoHost-Apps/nextcloud_ynh/blob/master/patches/00-add-logout_url-conf.patch

maniackcrudelis avatar Feb 09 '17 15:02 maniackcrudelis

confirmed here.

in fact you don't even need step 6. you can disconnect from sso, and still be logged in in nextcloud with user1

julienmalik avatar Mar 21 '17 11:03 julienmalik

this means it is error prone when two different users use the same machine for accessing their nextcloud. quite critical imho. but no idea how to fix this...

maybe the http_auth plugin should somehow invalidate the session when it receives a different user than the one from the session/cookie

julienmalik avatar Mar 21 '17 11:03 julienmalik

I think limesurvey_ynh has the same issue, I'll take a look. But clearly: it seems critical in some situations (maybe I can look at photos uploaded by my son ;) )

Shnoulle avatar Mar 21 '17 11:03 Shnoulle

I just tested this on latest version 12.0 with the following result:

  1. Login with user on yunohost portal (e.g. https://mydomain.org/yunohost/sso)
  2. Open nextcloud from yunohost portal (e.g. in new tab)
  3. Logout from yunohost portal
  4. Reloading nextcloud tab: user is still logged in!

mofoch avatar Aug 04 '17 12:08 mofoch

I thought the closing of https://github.com/YunoHost-Apps/nextcloud_ynh/issues/83 meant this bug also (I called it bug 2) was solved but this is not yet the case :-( Hope some solution can be found.

croulibri avatar Feb 25 '18 14:02 croulibri

Somebody reported this issue today.

Do we have any way foreseen to fix this ? :s

alexAubin avatar Dec 11 '18 00:12 alexAubin

This is a long-pending issue on every app: how can you automatically log out from applications when logging out from the portal? Naively there could be a mechanism in SSOwat to subscribe to different apps' logout URLs and call them from the client browser when logging out from the portal... yet there may be cross-site security issues...

JimboJoe avatar Dec 11 '18 06:12 JimboJoe

Hello, I had this problem today: one of my friends used my computer to go to his Nextcloud account. I clicked log out in the SSO panel which was connected to his account, then I went to the Nextcloud page and I found it still connected to my friend's account.

This issue is quite old, how could I help to fix it? Is there any update since the last message?

nathanael-h avatar Oct 14 '19 13:10 nathanael-h

I'm afraid not...

JimboJoe avatar Oct 14 '19 18:10 JimboJoe

No update on this issue?

Thatoo avatar Sep 06 '20 09:09 Thatoo

Not really, this is not trivial to fix ...

c.f. https://github.com/YunoHost/issues/issues/501 which is the more general core issue (because several apps are affected by this kind of stuff).

Maybe in the most simple case it's only about invalidating some cookies but it's not clear ... somebody needs to have a deep look into it

alexAubin avatar Sep 06 '20 16:09 alexAubin
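
A minimal model of the behaviour reported in this thread, next to the session-binding idea raised above (invalidate the app session when the portal identity differs or is gone). This is an added example, not code from Nextcloud, SSOwat or the http_auth plugin; it assumes the proxy passes the portal-authenticated user name to the app on every request (`sso_user`, `None` after portal logout), and all class and function names are hypothetical.

```python
import secrets

class AppSessions:
    """Toy app that keeps its own session cookie behind an SSO proxy."""

    def __init__(self):
        self._store = {}  # session id -> user name

    def _new_session(self, user):
        sid = secrets.token_hex(16)
        self._store[sid] = user
        return sid

    def handle_naive(self, cookie, sso_user):
        """Behaviour reported in the thread: an existing app session wins."""
        if cookie in self._store:
            return cookie, self._store[cookie]
        if sso_user is None:
            return None, None  # the app would redirect to the portal login
        return self._new_session(sso_user), sso_user

    def handle_bound(self, cookie, sso_user):
        """A session is honoured only while it matches the portal identity."""
        session_user = self._store.get(cookie)
        if session_user is not None and session_user != sso_user:
            # Portal logout (sso_user is None) or a different portal user:
            # destroy the stale session server-side, not only the cookie.
            del self._store[cookie]
            session_user = None
        if sso_user is None:
            return None, None
        if session_user is None:
            return self._new_session(sso_user), sso_user
        return cookie, session_user


def replay(handler_name):
    """Replay the reproduction steps; return who the app serves at each step."""
    app = AppSessions()
    handle = getattr(app, handler_name)
    seen, cookie = [], None
    # Constructed sequence: user1 at the portal, portal logout, user2 at the portal.
    for sso_user in ("user1", None, "user2"):
        new_cookie, user = handle(cookie, sso_user)
        seen.append(user)
        cookie = new_cookie or cookie  # worst case: browser keeps the old cookie
    return seen
```

`replay("handle_naive")` serves user1 at all three steps, matching the report; `replay("handle_bound")` serves user1, then nobody, then user2.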