Issue with login (session)

1. What is the problem? Be very detailed.
I made a fresh install of ODK central-backend et central frontend today (not using docker) the 2 part was up and running , i can log to central-frontend , create project ... after some hours of testing i left the navigator open , when I wanted to reconnect I was automatically transferred to the login page (which seems normal to me because my session has expired) since unable to reconnect I have the following message "A user is already logged in. Please refresh the page to continue "I have refreshed the page, empty the cache, the cookies, restart the servers, I get this message even when I put incorrect identifiers (false email address or bad password I have the same error message) Has anyone already faced a similar problem? in the central-backend server console I have only one line which log: :: ffff: 127.0.0.1 - - [14 / Feb / 2021: 19: 57: 14 +0000] "GET / v1 / sessions / restore HTTP / 1.0 "404 76

2. What app or server are you using and on what device and operating system? Include version numbers.
Ubuntu 20 vanilla central-backend , NGINX for central-frontend (backend and frontend cloned today from github)

3. What you have you tried to fix the problem?
Clear cache , clear cookies , refresh page , restart central-backend , restart nginx

4. What steps can we take to reproduce the problem?

5. Anything else we should know or have? If you have a test form or screenshots or logs, attach below.

Central requires Docker. What do you mean you did a fresh install not using Docker?

Hi @SagitariusAStar! I'll echo @yanokwa in saying that the most important next step will be to start using Docker. In particular, as the readme of the central-frontend repository says, the nginx.conf in that repository is for development only, not for use in production.

You're seeing behavior that we have planned for the next version of ODK Central, v1.2, but that hasn't been released yet. Note that the master branch in the central-frontend and central-backend repositories reflect ongoing development for the next version. For a stable version, you can check out the latest release tags. If you use Docker, the correct stable commits will be checked out.

The specific behavior you're seeing isn't expected and points to an issue involving the browser's local storage. The automatic logout should clear the item in local storage that causes this message to be shown. Actually, clearing cookies should also clear this item, since usually the browser will clear cookies and local storage at the same time. If you have a chance, I'd be interested to learn more about what browser you're using, what your cookie settings are, and what steps you took to clear your cookies. Again though, the most important next step will be to start using Docker.

2 Likes

Dear @yanokwa , @Matthew_White ,

I dont use docker because i making some tweaking (modifying source code ). but as you say in production docker is a better alternative, I have found a "solution" to my concern indeed the browser cache is not properly emptied when disconnecting the application, but what is enough strange because even when I navigate on the frontend if I click on the "home" button (at the top left of the page) it sends me back to the login page where I have again the same error while I did not disconnected, I use the "master" branch on the git and my browser is firefox (last version). the solution is therefore to go to the browser's preferences and force the emptying of the cache every time I have this error message (i dont use specific settings for cookies in firefox , i have default settings)

Do you see "A user is already logged in." every time you try to log in after you are logged out, or only sometimes? For example, if you log out using the "Log out" button, then try to log in, are you able to do so? In Firefox, I'm able to consistently log out, then log back in.

I'm also wondering whether you're seeing this behavior while using localhost during development or whether the frontend is being served elsewhere.

What page were you on before you clicked "ODK Central" in the navbar? Were you logged in?

Hi @Matthew_White ,

Yes i see "A user is already logged in." every time i try to log in after i logged out, even if i put a fake user or bad password i get this message i think the normal process for bad credential will be a message saying "Invalid email or password" but i dont have this message.
Regarding my setup , central backend and central frontend is launched on same machine

Finally , for the click on "ODK Central link" it's happens when im on a project page and i want to return to home screen if i click on the link i'm rediretced to login page with the message "A user is already logged in." at this level even if I use the "back" button of the browser I stay on the login page with the same message.

I will try to make a small video when i get back to home with the complete step and share it with you.

Remaining at your disposal for more information.

Regards

How are they launched? For the frontend, did you run npm run dev or npm run build? Are you using ngrok?

That is the expected behavior right now: if the frontend believes that you are already logged in (as indicated by local storage), it won't try to create a new session, so it won't try to validate your credentials. (If you have a session cookie, a request to create a new session would fail, as the cookie would be sent without a CSRF token or other auth.) Instead, the frontend will prompt you to refresh the page so that the existing session can be restored. This case is common in local development, but is much less common in production.

That behavior is definitely unexpected. If you are on a project page, then clicking "ODK Central" should redirect you to the welcome page that lists the projects. That behavior doesn't rely on local storage or cookies, but just uses the Vuex store. Could you say more about the changes you've made to the frontend?

Great, that would be helpful!