Logout route fails to recognize user or clear cookie
When using the admin panel, clicking the logout button, the message in the UI is "You have been logged out successfully." However,
/api/users/logoutreturns
{"errors":[{"message":"No User"}]}, and fails to clear cookie
payload-token. When clicking "Log back in", the UI shows "Already logged in", and I can return to the dashboard. The "log out" link on this page in the text "To log in with another user, you should log out first." similarly has no effect.
It appears the
set-cookieheader is not being sent properly by
api/users/logout, but I observe this only in the browser. Based on the error body, it seems it's doing this because it doesn't recognize a user is logged in, but I can confirm that the
cookieheader with the relevant token
isbeing sent by the browser in the request. Oddly, if I try the same with
curlor Postman, the logged-in user seems to be recognized and the
set-cookieheader is sent correctly.
@\ ឵឵឵ The logout operation requires a
userto logout. Are you sending an authenticated user through a
POSTrequest to
/api/users/logout?
Indeed I was, copied the cookie straight from the network inspector in the browser. Request in browser looked correct as well, but got back "No user".
Can you send the request to me?
Don't have it on hand at the moment, but also haven't been experiencing the issue today. You guys have been bumping versions pretty frequently the last weeks, and I've been upgrading regularly since we're still in dev. Anything that might have changed in that section of the code that might explain it?
Nothing that would effect authentication in this way
hey, what was the solution to this?
I am experiencing a similar issue, that's also stopping me from using access control. thanks.
Continue the discussion in Discord
Star
Discord
online
Get help straight from the Payload team with an Enterprise License.