When using the admin panel, clicking the logout button, the message in the UI is "You have been logged out successfully." However, /api/users/logout returns {"errors":[{"message":"No User"}]}, and fails to clear cookie payload-token. When clicking "Log back in", the UI shows "Already logged in", and I can return to the dashboard. The "log out" link on this page in the text "To log in with another user, you should log out first." similarly has no effect.
It appears the set-cookie header is not being sent properly by api/users/logout, but I observe this only in the browser. Based on the error body, it seems it's doing this because it doesn't recognize a user is logged in, but I can confirm that the cookie header with the relevant token is being sent by the browser in the request. Oddly, if I try the same with curl or Postman, the logged-in user seems to be recognized and the set-cookie header is sent correctly.
The logout operation requires a user to logout. Are you sending an authenticated user through a POST request to /api/users/logout?
Indeed I was, copied the cookie straight from the network inspector in the browser. Request in browser looked correct as well, but got back "No user".
Can you send the request to me?
Don't have it on hand at the moment, but also haven't been experiencing the issue today. You guys have been bumping versions pretty frequently the last weeks, and I've been upgrading regularly since we're still in dev. Anything that might have changed in that section of the code that might explain it?
Nothing that would affect authentication in this way
hey, what was the solution to this?
I am experiencing a similar issue, that's also stopping me from using access control. thanks.