Logout not working

Cheese · June 17, 2024, 10:56pm

Hold on, is Logout not working or Login not working, or both? I based above on the Title of this Thread...

DannyDan · June 17, 2024, 11:08pm

Logout Feature, I am in test phase, with testing how @franse mentioned above. To return an 'Identity' Tag after Login, but mine keeps coming back to false? But you can see I do login successfully.

As the end of this video you will see after I click Logout, I get sent back to Login, but I simply go to browser and type in /Dashboard again and I am still logged in without security measure saying need to login again.

Hopefully I have shared enough screenshots / videos to get to the solution...

Cheese · June 17, 2024, 11:10pm

Add a Security Restrict on your Profile Action for the logged in User on the internal page.

franse · June 17, 2024, 11:11pm

Haha, joking,

We are all on this

Cheese · June 17, 2024, 11:13pm

Bit after my time Mortal Kombat...? Am more Target Renegade era!

DannyDan · June 17, 2024, 11:31pm

Here are (I know.. more) screenshots of my setup with the Login, Logout, and Security (which I call 'IsMember') i have set up for the Main Layout (used for all pages besides the Sign-in and Sign-up pages).

I am using the 'Profile' button as the Test Button to return 'Identity' for now and will change this once I get this fixed. There must be something I am over looking...

franse · June 17, 2024, 11:34pm

Can you show the API ismember? And whoami?

Cheese · June 17, 2024, 11:37pm

Within the ismember Action (assuming this is only available to the logged in User) right at the top add a Security Restrict Step and select the Group to restrict to.

Screenshot from 2024-06-18 00-35-52

DannyDan · June 17, 2024, 11:40pm

@franse ismember:

whoami:

franse · June 17, 2024, 11:43pm

Last one, I'm really out of ideas here..

Can you pleae share a little video as same as you did with login, but before that, click on preserve log and then click on fetch/xhr

Check the preview/response for:
login/ismember/whoami

DannyDan · June 17, 2024, 11:53pm

@franse

Cheese · June 17, 2024, 11:54pm

On the Layout Page for the User Area where Users have to be logged in add the whoami Action here:

Screenshot from 2024-06-18 00-52-03

Click on App in the App Structure and you'll see it. Remove the whoami Action from the Content Page.

Try that...

DannyDan · June 17, 2024, 11:59pm

@Cheese Just tried this:

Same result.

I am already using a server connect for the main page layout (user area only):

All of my edits have been in the main page layout:

franse · June 18, 2024, 12:00am

You didn't click on preview/response

Cheese · June 18, 2024, 12:01am

Why have you got the logout here? It is Server Side Rendered Data...

Screenshot from 2024-06-18 01-01-04

Replace it with the whoami Action and try... REMEMBER to remove the whoami Action from the Content Page!

DannyDan · June 18, 2024, 12:09am

@Cheese This solved my 'Identity' problem! Thanks!

But, I can still simply changed the browser page and get to a member only area. What's the fix for this?

Almost there!

@franse

Cheese · June 18, 2024, 12:12am

Try adding the Security Provider step above the Restrict Step on the whoami Action. The video doesn't help me (I've drunk too much coffee and have Public Enemy playing at 1200 watts with full bass and its 01.13am). My capacity is diminished right now...

It could be to do with different APP ID's... Ie, not matching the APP ID of the Layout Page, but this is probably a Cheese'ism...

DannyDan · June 18, 2024, 12:15am

@Cheese I guess I am confused as to why I am adding this on the 'WhoamI' one. I really only created this as part of the initial tutorial video series on the Youtube page to get a better idea of how everything works.

I have a seperate 'Security' folder for the Security Restrict for 'IsMember'. Does this make sense? I don't know, I also might be getting more and more confused on this as I work it more.

Screenshot 2024-06-17 at 5.13.16 PM

Cheese · June 18, 2024, 12:19am

I'm an old skool User doing things the old fashioned way.

For every Action you want to protect you'll want to add the Security Provider/Security Restrict and specify the specific Group you wish to restrict it to. This in turn will redirect if the conditions are not met. Falling back on the redirect set in the Provider etc. All this whoami I thing is bewildering to me, all you need is a profile Action, grab the Security Identity, filter against that, pull the profile query... And protect it with the Security Restrict. But then we all do things differently so am not knocking anyone...

Cheese · June 18, 2024, 12:29am

Here is how we keep it basic. Every Group used in the Security Provider has its own Directory in our Actions. In each directory is a Group check Action. This has the Security Provider Step and a Restrict Step based on that specific Group. We then add this to the Server Side Render Action within the specific Groups Layout Page (where you had your logout Action). All of our Actions for specific Groups have a Security Provider and Security Restrict Step BEFORE the query. If the query is using an Identity we add the Security Identity Step to pull the identity to filter by within the query... ALL OF OUR PAGES HAVE THE SAME APP ID.

About as simple as I can explain it Dan.