django-rest-knox

Logging out not expiring session

Open eliezerp3 opened this issue 2 years ago • 3 comments

Hi. Thank you so much for this package. I have this

REST_FRAMEWORK = {
    # DRF tries these classes in order; the session class comes first.
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
        'knox.auth.TokenAuthentication',
    ),
}

in my settings.py. The issue is that the logout view only expires the token, but the browser still stays logged in due to the session still being valid. Is there any way to expire the session when the user logs out?

eliezerp3 Oct 02 '22 03:10

If you were previously logged in with session authentication then drf/knox won't do anything to remove that session. Try deleting the cookies and then next time it may not occur.

yd4011439 Oct 04 '22 15:10

@yd4011439 Unfortunately that doesn’t help. It seems it uses both session and token upon login but only expires the token (and not the session) upon logout.

eliezerp3 Oct 04 '22 16:10

Same error using the tutorial https://jazzband.github.io/django-rest-knox/auth/

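from django.contrib.auth import login
from rest_framework import permissions
from rest_framework.authtoken.serializers import AuthTokenSerializer
from knox.views import LoginView as KnoxLoginView


class LoginView(KnoxLoginView):
    permission_classes = (permissions.AllowAny,)

    def post(self, request, format=None):
        serializer = AuthTokenSerializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        user = serializer.validated_data['user']
        # Starts a Django session (sets the session cookie) in addition to the knox token.
        login(request, user)
        return super(LoginView, self).post(request, format=None)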

login(request, user) creates the session cookie.

I also override the LogoutView

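from django.contrib.auth import logout
from knox.views import LogoutView as KnoxLogoutView


class LogoutView(KnoxLogoutView):
    def post(self, request, format=None):
        response = super(LogoutView, self).post(request, format=None)  # knox logout (expires the token)
        logout(request)  # flush the Django session as well
        return response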

ge-lem Nov 04 '23 11:11
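The behaviour discussed in this thread, as an added example that is not part of any comment above and is not Django, DRF or knox code: a simplified pure-Python model of a client that holds both a session cookie and a token, with authenticators tried in the order given in the issue's settings. The stores and all function names here are hypothetical stand-ins.

```python
"""Simplified model (not Django, DRF or knox code) of a client that holds
both a session cookie and an API token after login."""
import secrets

SESSIONS = {}  # session key -> username (stand-in for the server-side session store)
TOKENS = {}    # token -> username (stand-in for the token table)


def session_auth(request):
    return SESSIONS.get(request.get("cookie"))


def token_auth(request):
    return TOKENS.get(request.get("token"))


# Same order as DEFAULT_AUTHENTICATION_CLASSES in the issue.
AUTHENTICATORS = (session_auth, token_auth)


def authenticate(request):
    """Return the user from the first authenticator that accepts the request."""
    for authenticator in AUTHENTICATORS:
        user = authenticator(request)
        if user is not None:
            return user
    return None


def login(username):
    """Model of the tutorial LoginView: issues a session cookie and a token."""
    cookie, token = secrets.token_hex(16), secrets.token_hex(32)
    SESSIONS[cookie] = username
    TOKENS[token] = username
    return {"cookie": cookie, "token": token}


def logout_token_only(request):
    """Model of the reported behaviour: only the token is revoked."""
    TOKENS.pop(request.get("token"), None)


def logout_everything(request):
    """Revoke every credential the client presented (token and session)."""
    TOKENS.pop(request.get("token"), None)
    SESSIONS.pop(request.get("cookie"), None)
```

A regression test for a real logout endpoint can assert the same thing: after logout, a request carrying only the old session cookie must no longer authenticate.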