Logout not clearing PLAY_SESSION cookie on Safari


#1

I’ve noticed an issue where the Logout functionality in Silhouette is not clearing the PLAY_SESSION cookie when you discard the authenticator service. On Chrome, this works just fine, but in Safari it’s keeping the user logged in. When you look at the cookies from the browser, you can see the cookie is removed in Chrome, but it still exists in Safari. Is this an issue with Play, or with Silhouette? This is the code I’m using to log out:

authenticatorService.discard(request.authenticator, Redirect(PageUrls.homePage.url).withNewSession)

I’m using Session Authentication in Silhouette FYI. The redirect seems to work since it goes to the home page, but it does not log the user out.


#2

Hi,

Do you mean that it doesn’t remove the authenticator from the session cookie? The discard method of the SessionAuthenticator removes the authenticator from the given result. In your case you clean the session first and then you try to remove the authenticator from a clean session. This doesn’t work. I’m not sure why it works in one browser and not in another. Normally you should either use the discard method to remove only the authenticator from the session, or clean the complete session. Let me know if it works.

Best regards,
Christian


#3

I tried removing the Silhouette code and just doing the Play redirect with a new session and I’m still seeing the same issue. It just does not remove the PLAY_SESSION cookie in Safari for some reason.


#4

I’m not sure if it should remove the cookie; I think it only removes the session data from the cookie. But I’m not really sure. Maybe you should ask on the Play Framework list or in the Gitter channel.


#5

Yeah, this definitely seems to be a Play issue now. I’m in touch with their support. Thanks for your help.