Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Mojolicious session does not expire

by petru.tr (Initiate)
on Aug 09, 2017 at 12:51 UTC ( [id://1197098]=perlquestion: print w/replies, xml ) Need Help??

petru.tr has asked for the wisdom of the Perl Monks concerning the following question:

I'm building a web application using mojolicious. The logout functionality works only while running the app on local machines. When I try to logout on the app running on the server, the session does not expire and I remain logged in.

This started to happen when we changed logout to be done via POST request instead of get.

The way we call logout is as an AJAX call from the frontend:

function do_logout() {
   $.post( "<%= url_for('on_logout') %>", function() {});
}

[download]
Logout route: 
$if_login->post('/logout')->name('on_logout')->to('user#on_logout');

[download]
Logout controller: 
sub on_logout {
  my $self = shift;
  $self->session(expires => 1);
  return $self->redirect_to('home');
}

[download]

Line which sets the session to expire is called, but after the redirect, session still contains the username which was logged in.

I've posted the question on stackoverflow if you want to get some rep

Replies are listed 'Best First'.
Re: Mojolicious session does not expire
by Mr. Muskrat (Canon) on Aug 09, 2017 at 16:21 UTC

    First off let me say that it has been a while since I've used Mojolicious. Second you said "after the redirect, session still contains the username which was logged in" but you haven't provided any code that shows how you know this. Are you certain that the username is coming from the session and not the stash?

    If you can provide a SSCCE then you'd really be helping everyone to help you solve this.

[reply]
      There is a rather excellent chance that the page-image which shows logged in status is coming from the browser cache. Use the browser debugger to see if page content is actually being returned ... if the browser is actually requesting HTML from the network for the new page.
[reply]

      I know it's been a while, but we're still experiencing the same problem. The session is somehow not cleared. This code gets executed during logout:  "$self->session(expires => 1);

      Then, at login, printing the session variable  say $self->session('username'); sometimes yields the username and the user remains logged in, sometimes it is undefined and the user can log out successfully. I was not able to find a pattern for this, but it doesn't fail only on the server, it also fails on localhost, so there's no connection to that.

[reply]
[d/l]
[select]

        Have you investigated whether your script sends the correct Set-Cookie headers upon logout?

        If yes, there is a problem with the browser, in that it maybe has old cookies that the program still considers valid.

        If no, investigate why the cookie headers are not sent.

[reply]
[d/l]
        I found the error, the request was made using an <a href="" onclick="do_logout()"></a>, which was basically doing 2 actions at once and creating a race condition. Here is the relevant code snippet https://ideone.com/UUeYRw
        Thanks for helping!
[reply]
[d/l]
Re: Mojolicious session does not expire
by Anonymous Monk on Aug 09, 2017 at 16:18 UTC
    Change it back
[reply]

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://1197098]
Approved by choroba
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others rifling through the Monastery: (6)
As of 2024-04-23 21:10 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found