Bug #12138
closed
Clicking "logout" on portal page does not function when logout popup is disabled
100%
Description
From forum discussion: https://forum.netgate.com/topic/163581/is-logout-without-popup-possible/10.
Turning off the logout popup turns off logout altogether.
In some cases, captive pages are hosted externally and are able to know the state of the user and provide a logout button.
In these cases the logout popup is not necessary. Moreover, the popup is not great for UX and is blocked on most modern browsers.
Is turning off the logout feature when disabling the popup desirable?
I would argue that we could leave the logout feature always on regardless.
Alternatively, there could be another checkbox which allows controlling whether the logout should be enabled or not.
I would like to know the opinion of the maintainers on what could be the best way to implement this change.
Updated by Jim Pingle over 3 years ago
- Subject changed from Captive portal: allow logout also if logout popup checkbox is disabled to Clicking "logout" on portal page does not function when logout popup is disabled
- Assignee set to Jim Pingle
- Target version set to 2.6.0
- Plus Target Version set to 21.09
This is actually a bug and not intended.
You should always be able to manually go back to the portal page at <http or https>://<ip address or hostname>:<port number>/index.php?zone=<zonename> and click Logout even when the popup is disabled.
When the popup is disabled, going back to that URL displays a logout button but clicking it returns a "you are connected" message and does not disconnect the user.
It works as expected when the logout popup is enabled.
Updating subject to match the behavior.
Updated by Jim Pingle over 3 years ago
- Status changed from New to In Progress
Turns out some of the behavior I saw was from an old custom logout page that I forgot I had, which didn't have all the correct form fields.
That aside, there was still a problem where the "You are connected" screen should have a logout button, and it should also look more like the login page. It's kind of odd for it to show plain text the way it does.
I have a fix committed, will show up shortly.
Updated by Jim Pingle over 3 years ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Applied in changeset 88479de6fa2aedf09972d6eb204f5ef7567e8616.
Updated by Jim Pingle over 3 years ago
If testing on 2.5.2, first apply 9fc1648ef349d6a657e29ceb2c3dfb70967adb3f, then apply 88479de6fa2aedf09972d6eb204f5ef7567e8616.
Testing on snapshots won't require any special steps, it should be in tomorrow's snapshot.
Updated by Federico Capoano over 3 years ago
I have tested the snapshot of today.
I disabled the pop up and I can log out anyway, so that seems to be fixed.
However, there are several other issues that have popped up in the dev version. I am not sure if it's because of backward incompatible changes which make my login page not work properly, but after logging in, trying to surf the internet takes me to an internal page of pfSense saying I'm connected to the service with a button to disconnect.
So I will go back to the stable version. I hope the stable releases 2.6 will not bring backward incompatible changes to the login/logout HTTP endpoints.
Thank you very much
Best regards
Federico Capoano
Updated by Jim Pingle over 3 years ago
The issue you describe is unrelated to this, I can reproduce that here, I created #12345 to track it since it's a separate problem.
Updated by Federico Capoano over 3 years ago
Thanks for letting me know!
I think this issue can be closed.
Is a minor bugfix release (eg: 2.5.3) on the table?
Updated by Jim Pingle over 3 years ago
Federico Capoano wrote in #note-7:
> I think this issue can be closed.
I'm going to leave it open for now and wait until #12345 is fixed so it can get a better and more accurate test.
> Is a minor bugfix release (eg: 2.5.3) on the table?
Unknown at the moment, though even if it does happen before 2.6.0 this type of change may not make the cut in that kind of patch release.
Updated by Federico Capoano over 3 years ago
Jim Pingle wrote in #note-8:
> Federico Capoano wrote in #note-7:
>> I think this issue can be closed.
> I'm going to leave it open for now and wait until #12345 is fixed so it can get a better and more accurate test
Ok.
>> Is a minor bugfix release (eg: 2.5.3) on the table?
> Unknown at the moment, though even if it does happen before 2.6.0 this type of change may not make the cut in that kind of patch release.
Isn't this a bugfix? Does it have too big an impact to be backported to a patch release?
Updated by Jim Pingle over 3 years ago
- Status changed from Feedback to Resolved
This works fine on the current code as far as I can see. With or without the logout popup, navigating back to the full portal URL displays a properly formatted page with a button to logout.
When the browser allows popups, the logout popup still contains the small/simple layout with a logout button.
The only quirk is that when the logout button is clicked it tries to show the login form inside the tiny popup window, but that can be dealt with in a future release. I moved it over to #12357.
Updated by Jim Pingle about 3 years ago
- Plus Target Version changed from 21.09 to 22.01