1
"Log Out" not working
Problem reported by Chris - October 14, 2015 at 6:38 PM
Resolved
This problem has been bothering me for years.  My typical use case is to login as Admin to create a new user and root folder, then I'd I click the username at the top right and choose "log out".  Then I want to log back in as the new recently created user to test the new root folder but it takes me right back in as admin, no credentials required.  The only way to log out for real is to restart the browser or use a different browser. 
 
Not sure if it's a browser issue or server, but my session is being maintained after log out.

4 Replies

Reply to Thread
0
Cem Alacayir Replied
October 14, 2015 at 10:40 PM
Employee Post
Strange, normally when you click "log out", your current session should end immediately. Even if you chose "remember me" during login, this action would reset the login cookie. Yes it may be a browser issue, please check if you can duplicate the problem on another browser. If you can, then it should be a server issue, for example your server may be configured to modify outgoing headers and in this case it may be preventing resetting the cookie header.
0
Chris Replied
October 15, 2015 at 4:50 AM
Firstly we're using windows authentication, but other than that our web server should be stock and it's only used for FileVista.
 
When I visit our FileVista URL, an authentication box pops up (not the login.aspx page) and I login.  If I choose to log out, then try to revisit our FileVista URL hoping for a new authentication box I'm always logged right back in as the same user no login prompt, in every browser.
 
When I log out it takes me back to the login.aspx page, so if I try logging in from there IE 11 works, but Firefox, Chrome, and Edge do not. The non working browsers give a: (5) Access is denied error.
 
I suspect it's Windows authentication related since I can never get a new login box to pop up.
0
Cem Alacayir Replied
October 15, 2015 at 5:33 AM
Employee Post
Yes, if you are using Windows Authentication then this is expected, it's not possible to logout from that because the browser caches the negotiation with the server. However there is a new feature and you can use it since you upgraded to the latest version. You can now import users directly from Active Directory or Windows accounts and users imported like this can login directly on the login.aspx page (no browser logon window will be shown). So you will be able to disable Windows Authentication and let your users login with the default login page instead like regular FileVista accounts and you will not have this "session maintained" problem anymore.
 
Currently there is no option in the UI to mark already added users to be elligle for this feature but you can execute this sql statement against your FileVista database in SQL Server to mark them:
 
UPDATE [User] SET [Type] = 1 WHERE [Name] <> 'admin'
The value 1 means Active Directory user, if your users are Machine users use value 3 like this:
 
UPDATE [User] SET [Type] = 3 WHERE [Name] <> 'admin'
Currently there is no difference in handling these types but in future it may change so choose the correct type. Also note that for normal users, i.e. FileVista native users, like the default admin account you should keep the type value at 0. That's why I am excluding admin user in the WHERE clause.
 
After you update the users, disable Windows Authentication and enable Anonymous Authentication in IIS so that you users see the login.aspx page and not browser's challenge/response window. From now on they can login directly on the login.aspx page and you will not experience the "not being able to log out" behavior.
0
Chris Replied
October 15, 2015 at 7:28 AM
That's interesting I'll do some testing.  All our users are local accounts for FileVista and currently to login we need to put the local machine in front of the username (i.e. Computer\Username) when using the login.aspx, I presume since it's windows authentication and all the usernames are set this way in the DB, like the actual username is "Computer\Username".  Would all the usernames need to be updated as well to remove the "Computer\" at the same time?

Reply to Thread