Logout route fails to recognize user or clear cookie

default discord avatar
\ ឵឵឵
8 months ago
7

When using the admin panel, clicking the logout button, the message in the UI is "You have been logged out successfully." However,

/api/users/logout

returns

{"errors":[{"message":"No User"}]}

, and fails to clear cookie

payload-token

. When clicking "Log back in", the UI shows "Already logged in", and I can return to the dashboard. The "log out" link on this page in the text "To log in with another user, you should log out first." similarly has no effect.



It appears the

set-cookie

header is not being sent properly by

api/users/logout

, but I observe this only in the browser. Based on the error body, it seems it's doing this because it doesn't recognize a user is logged in, but I can confirm that the

cookie

header with the relevant token

is

being sent by the browser in the request. Oddly, if I try the same with

curl

or Postman, the logged-in user seems to be recognized and the

set-cookie

header is sent correctly.

  • discord user avatar
    jacobsfletch
    Payload Team
    8 months ago

    @\ ឵឵឵ The logout operation requires a

    user

    to logout. Are you sending an authenticated user through a

    POST

    request to

    /api/users/logout

    ?

  • default discord avatar
    \ ឵឵឵
    8 months ago

    Indeed I was, copied the cookie straight from the network inspector in the browser. Request in browser looked correct as well, but got back "No user".

  • discord user avatar
    jacobsfletch
    Payload Team
    8 months ago

    Can you send the request to me?

  • default discord avatar
    \ ឵឵឵
    8 months ago

    Don't have it on hand at the moment, but also haven't been experiencing the issue today. You guys have been bumping versions pretty frequently the last weeks, and I've been upgrading regularly since we're still in dev. Anything that might have changed in that section of the code that might explain it?

  • discord user avatar
    jacobsfletch
    Payload Team
    8 months ago

    Nothing that would effect authentication in this way

  • default discord avatar
    taongaB
    6 months ago

    hey, what was the solution to this?



    I am experiencing a similar issue, that's also stopping me from using access control. thanks.

Open the post
Continue the discussion in Discord
Like what we're doing?
Star us on GitHub!

Star

Connect with the Payload Community on Discord

Discord

online

Can't find what you're looking for?

Get help straight from the Payload team with an Enterprise License.