View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 8
IDProjectCategoryView StatusDate SubmittedLast Update
09197Bug reportsOtherpublic2014-08-29 20:022014-11-22 17:58
ReporterConcordia Assigned Toc_schmitz  
PrioritynormalSeverityminor 
Status closedResolutionno change required 
Product Version2.05+ 
Summary09197: Cannot logout of limesurvey, it logs me in right away.
Description

I recently got Single sign on to work.
Limesurvey authenticates with LDAP through Apache 2.4.
I'm using Version 2.05+ Build 140125.

My problem is once I'm logged in I cannot logout. :huh:

When I look at the apache access.log, we can see that as soon as I log out it logs back in

::1 - dkavar [20/Aug/2014:09:58:57 -0400] "GET /limesurvey/index.php/admin/authentication/sa/logout HTTP/1.1" 302 -
::1 - dkavar [20/Aug/2014:09:58:57 -0400] "GET /limesurvey/index.php/admin/authentication/sa/login HTTP/1.1" 302 -
::1 - dkavar [20/Aug/2014:09:58:57 -0400] "GET /limesurvey/index.php/admin/index HTTP/1.1" 200 13830
::1 - dkavar [20/Aug/2014:09:58:58 -0400] "GET /limesurvey/index.php/admin/authentication/sa/logout HTTP/1.1" 302 -
::1 - dkavar [20/Aug/2014:09:58:58 -0400] "GET /limesurvey/index.php/admin/authentication/sa/login HTTP/1.1" 302 -
::1 - dkavar [20/Aug/2014:09:58:58 -0400] "GET /limesurvey/index.php/admin/index HTTP/1.1" 200 13830

There are no errors in the error.log.

The only way to log out is to clear my browser cache and close\open the browser.

Steps To Reproduce

-Configure Limesurvey to authenticates with LDAP through Apache 2.4.
-Once logged in try logging out.

Additional Information

Limesurvey log out button no longer works with authentication through apache(HTTP authentication), as the session is not cleared until the browser window is closed.

There might be a work around, but it will require more research and development.

TagsNo tags attached.
Bug heat8
Complete LimeSurvey version number (& build)140125
I will donate to the project if issue is resolvedNo
BrowserALL
Database type & versionMS SQL 2008 R2
Server OS (if known)MS SERVER 2008
Webserver software & version (if known)Apache 2.4
PHP Version5.4.24

Relationships

Relationship GraphDependency Graph
related to 09225 closedDenisChenu Infite redirection loop with WebServer authentication de lagation 

Users monitoring this issue

mfaber

Activities

sykano

sykano

2014-09-08 20:50

reporter   ~30494

Same problem here.
But from what I've read on the net that is normal behavior with HTTP authentication.
Concordia

Concordia

2014-09-08 21:43

reporter   ~30500

I was told to submit it as a bug report

http://www.limesurvey.org/en/forum/installation-a-update-issues/98273-cannot-logout-of-limesurvey,-it-logs-me-in-right-away

DenisChenu provided these two solutions:

  • No log out icon (remove log out icon if connected via server)
  • Return to index page and not to admin.
sykano

sykano

2014-09-08 21:51

reporter   ~30501

Ah, very good.
DenisChenu

DenisChenu

2014-09-16 11:17

developer   ~30661

sykano has right : it's the default HTTP behaviour.

I don't think LimeSUrvey must really log out user.

Actually : we can 'hide' logout button in javascript (TODO) or in css (maybe).

Maybe with beforeLogOut we can go the survey list : but user are conneted to LS part each time he goes to admin.
sykano

sykano

2014-09-16 18:36

reporter   ~30668

I like to add that the related redirect loop is still a problem, e.g. when something goes wrong with the login (e.g. because of case sensitivity issues) and it leads to the login being blocked for 10 minutes every time you try.
http://bugs.limesurvey.org/view.php?id=8994
http://bugs.limesurvey.org/view.php?id=9045

Another question is if a logout can be done in this case due to HTTP Authentication not supporting logout.
But I think the ideas in Concordia's comment sound good (no logout button OR redirect to somewhere else).
Concordia

Concordia

2014-09-16 18:41

reporter   ~30669

Sykano I just want to point out that those were DenisChenu's ideas and not mine :)
DenisChenu

DenisChenu

2014-09-16 19:39

developer   ~30670

HTTP Authentifcation support with REMOTE_USER only suport link :
< a href="user:@example.org >LogOut< /a >

For infinite loop : it's fixed in webserver : http://bugs.limesurvey.org/view.php?id=9225
If it need to be fixed in LDAP AUth : please report and put a link to 9225

PS: LS is an open source / GPL tool, you can propose patch and make pull request on out github account

Issue History

Date Modified Username Field Change
2014-08-29 20:02 Concordia New Issue
2014-08-30 09:53 mfaber Issue Monitored: mfaber
2014-09-08 20:50 sykano Note Added: 30494
2014-09-08 21:43 Concordia Note Added: 30500
2014-09-08 21:51 sykano Note Added: 30501
2014-09-12 13:35 DenisChenu Relationship added has duplicate 09225
2014-09-12 13:37 DenisChenu Relationship deleted has duplicate 09225
2014-09-12 13:37 DenisChenu Relationship added related to 09225
2014-09-16 11:17 DenisChenu Note Added: 30661
2014-09-16 18:36 sykano Note Added: 30668
2014-09-16 18:41 Concordia Note Added: 30669
2014-09-16 19:39 DenisChenu Note Added: 30670
2014-11-22 17:58 c_schmitz Status new => closed
2014-11-22 17:58 c_schmitz Assigned To => c_schmitz
2014-11-22 17:58 c_schmitz Resolution open => no change required
2021-08-03 16:31 guest Bug heat 6 => 8