Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[4.x] User Logout direct fails #37763

Closed
brianteeman opened this issue May 8, 2022 · 3 comments
Closed

[4.x] User Logout direct fails #37763

brianteeman opened this issue May 8, 2022 · 3 comments
Labels
bug No Code Attached Yet

Comments

@brianteeman
Copy link
Contributor

brianteeman commented May 8, 2022
edited
Loading

Steps to reproduce the issue

  1. Create a menu item with GUEST permissions
  2. Create a menu item with REGISTERED permissions
  3. Create a menu item with Public permissions
  4. Publish the login module on all pages AND set redirect on login to the registered page and redirect on logout to the guest page
  5. Create a menu item Users->Login Form AND set redirect on login to the registered page and redirect on logout to the guest page
  6. Create a menu item Users->Logout AND set redirect on logout to the public page
  7. Create a menu item Users->Logout AND set redirect on logout to the guest page

Test 1

login and logout using the module

Test 2

login and logout using the menu login form

Test 3

Login (any method) and Logout using the Logout menu item that redirects to a public page

Test 4

Login (any method) and Logout using the Logout menu item that redirects to a guest page

Expected Results

login and logout and redirects all work as expected

Actual Result

Test 1,2 & 3 work as expected
Test 4 produces a 403 You don't have permission to access this
@sozzled
Copy link

sozzled commented May 8, 2022
edited
Loading

Thanks, @brianteeman. I reported this at #37042 but it failed to gain any traction or attention. I consider this a bug with J! 4 that probably goes back to before the release of J! 4.0 but was overlooked or not considered important. Whether or not the matter is fixed I would like an acknowledgement from the development team(s) as to why this happens:

The logout menu item does not close the session (and reset the viewing permissions) before the session is redirected to a menu item that the session is not permitted to access. That, in a nutshell, is the problem.

Further, the viewer remains logged-in as a result of the error.

@brianteeman
Copy link
Contributor Author

I reported this at #37042 but it failed to gain any traction or attention.

Probably because you didnt have good test instructions and asked people to wade through the forum.

I consider this a bug with J! 4 that probably goes back to before the release of J! 4.0 but was overlooked or not considered important

Doesnt really matter what you consider or when the bug first occurred. The only thing that matters is when someone discovers and reports it.,

I would like an acknowledgement from the development team(s) as to why this happens:

I would like a ferrari

@brianteeman brianteeman mentioned this issue Apr 17, 2023
Merged
@brianteeman brianteeman mentioned this issue Dec 6, 2023
Merged
4 tasks
@brianteeman
Copy link
Contributor Author

Closing as no longer reproducable

@Quy Quy closed this as completed Dec 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug No Code Attached Yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Quy @sozzled @brianteeman @fancyFranci @joomla-cms-bot