Danny, please tell us how you understand that the actual logout doesn't work?
Unless I totally misunderstand how Logout works?
Here is an example about testing logout in a simple way:
- Create a details API which retrieves the user id as identity WITH OUTPUT ENABLED:
- Create a logout API:

On your frontend:
- Put a server connect with NO AUTO LOAD and set it to the details api
- Do the same for the logout API:
- Create a button with dynamic event -> on click -> load server connect1 (for details)
- Create a button with dynamic event -> on click -> load server connect2 (for details)

Then check the output on the browser:
You know what... I am now realizing I might not have done my security restriction correctly, and this might be what is confusing me?
After watching this video:
Instead of an 'isAdmin' I created a 'Ismember' and I actually see it does not even work and I was just about to post a separate topic on this to see if that got setup wrong on my end?
I think this is confusing me on the 'Did I actually logout?'
Ohhh, I'm sorry my friend didn't see your answer!
So, let's see:
- or click the back arrow
This case is normal, because you see the cached page, if you click refresh again then you should be redirected to the login page
- I manually enter the root address in my browser
In that case you are right, but ARE YOU SURE that the specific page is restricted to logged-in users only? How do you restrict the page in members only?
You work on nodeJS, right?
EDIT:
So the page is restricted to ALL MEMBERS and not TO ADMIN only?
That's why a simple member can view the page after logout?
Well I did set it up on the main layout page, and each nav link page is a Main Layout Content page, so I assume this should be spread across all of the pages for the logout to work.
As for the security portion of this, you have it correct. Anyone who signs up is a regular member (m) and I have yet to make an admin user as I am still testing.
I have the MAIN Layout for all the front pages except for the Login Page and Sign Up as those are different layouts and such.
I have only the sign-up and sign-in pages on a different layout so I assume these would not be impacted and one from the public can visit them. I only want all of main pages to be accessible after user logs in.
The reason I am setting this up like this for now is because I am having a separate front facing website for the world and this application will be in its own separate subdomain folder for users to sign up (app.yourdomain.com).
You are correct as far as I can see your setup, my friend!
I think you'll need as you go forward, one more security provider role:
This way you can check if the user is a member OR an admin
So, you are ok now? The logout is working, right?
I am going to do a test run that @franse had mentioned above. I will let you know shortly here.
I do like your suggestion on the extra role. I will make sure I add that condition in there.
Just to confirm, I have no conditions setup on the 'm' or 'a' roles, is that correct setup?
-Thanks,
Yes of course try @franse's suggestion to understand better!
(But remember, after the logout not to forward to a new page because you will not see any of those info)
What do you mean by saying "I have no conditions setup on the 'm' or 'a' roles"?
Sorry I misunderstood when I read that at first. All good on the roles.
Now I did the test and I am actually getting a 'FALSE' back, I have screenshots below. I just used the same Logout button for the testing and added the link right above that one to do the 'Identity' server action (Profile button) and will change these back after I have this fixed.
So the logout is working?
You have some restricted elements to only logged users?
Can you see that after you logout?
@franse No I do not believe so. I am getting a FALSE on the test. Posted video right before your reply.
If you're getting `false`, it's because there's no logged user there. Same as `null` on PHP.
What's exactly the issue?
Can you login? then -> see details -> what's the identity?
Then try to logout, and check identity again.
Does it not acknowledge the login even though it takes me to the dashboard? I even tested it with a wrong password first to make sure I am getting those errors which I did.
Now I'm understanding what is happening here.
You're logged but you don't have identity..
@franse What does that tell you exactly? I set everything up correctly I believe. Is this something I am missing in the user or role table?
-thanks,
What I can see, is you're correctly logged in, with a 200 status, and after you request your identity, it says false.
Maybe someone else can confirm this.
Are you on latest Wappler 6.7.0? All your files are updated?
Some bug was present a few months ago about security identity
@franse I was not on the latest edition, I went ahead and applied the updates and as soon as I did it reopened my project and so I saved it again and immediately got this error:
Let me know if I need to be the 'Use Client' into the code somewhere.
I redid the sign-in test and the same result.
Can you check all your connections? Are you using databases on it?
@franse Yes I checked my connections and I am running the local SQLite for Development.
The local server is working fine for testing still and I can see the website. Logout still not working...