Bug Report: Logout not working after upgrading to Airflow 3.1.2 with FAB (OAUTH) #57965
Description
Apache Airflow version
3.1.2
If "Other Airflow 2/3 version" selected, which one?
No response
What happened?
Summary:
After upgrading Apache Airflow from version 3.1.1 to 3.1.2, the logout function stopped working when using OAuth-based authentication.
Description:
When users attempt to log out through the web UI, the session is not properly terminated. The page redirects as expected, but the user remains authenticated and can still access the interface without logging in again. The only way to complete the logout process is to manually clear the session cookies in the browser.
What you think should happen instead?
Expected Behavior:
Clicking “Logout” should revoke the session and redirect the user to the login screen, without requiring manual cookie removal.
Actual Behavior:
The logout action does not invalidate the session cookie, causing the user to stay logged in.
How to reproduce
Steps to Reproduce:
- Configure Airflow 3.1.2 with OAuth-based authentication (e.g., Google, GitHub, etc.).
- Log in using OAuth.
- Click on “Logout” in the web interface.
- Observe that the user remains logged in.
- Manually delete the session cookies and refresh the page — only then the user is logged out.
Operating System
Dokcer
Versions of Apache Airflow Providers
Environment:
- Airflow version: 3.1.2
- Previous version (working): 3.1.1
- Authentication backend: OAuth using Google
- Deployment type: Docker
- Browser: Chrome 142.0.7444.60
Additional Notes:
No relevant errors appear in the Airflow logs during the logout request. This issue seems to be related to how session cookies are managed in version 3.1.2.
Deployment
Docker-Compose
Deployment details
No response
Anything else?
No response
Are you willing to submit PR?
- Yes I am willing to submit a PR!
Code of Conduct
- I agree to follow this project's Code of Conduct