filebrowser icon indicating copy to clipboard operation
filebrowser copied to clipboard

Published 20 hours ago • verified publisher icon gtsteffaniak

Logging out an OIDC user doesn't delete auth cookie

Open ktdd opened this issue 5 months ago • 1 comments

Description I'm logging in using OpenID Connect. I log out and get redirected to login page. If I go back in history or login as a different user using username + password, I'm still logged in as OIDC user.

Expected behaviour I expect to be logged out.

Additional context It seems that auth cookie isn't deleted when logging out an OIDC user. If I login with username + password after logging out an OIDC user, there are now two auth cookies, one with domain ".files.domain.tld" and other with domain "files.domain.tld".

ktdd avatar Jun 16 '25 07:06 ktdd

Thanks for reporting this... I changed the code so the server-side redirect deletes the cookie instead of the UI.

Perhaps that's not working as expected, let me check on this.

gtsteffaniak avatar Jun 16 '25 17:06 gtsteffaniak

Still an issue in v0.7.12-beta

joost00719 avatar Jul 06 '25 11:07 joost00719