/_signout not working in Chrome but does work in other browsers

[mkarlesky]

Thank you for your docker image. I'm a complete novice to OAuth, but with your image I was able to successfully deploy a secured landing page and reverse proxy two web apps (that are in turn now also secured with Google OAuth).

I'm experiencing an odd problem and have no idea how to troubleshoot it. The signout URI works successfully in three different browsers (Firefox & Safari on macOS and Safari on iOS) but effectively does nothing in Chrome (macOS).

When following the /_signout URL in Chrome, the login token remains current and / simply reloads, still logged in.

It's hard to imagine that Chrome itself is the problem as the transaction is straightforward and should trigger the appropriate actions in the Docker image. And, yet, it's the only browser in which this does not work.

Any ideas?

[danielmotaleite]

i maybe some cache?
try to open chrome developer tools-> network and try to replicate. Check if any of the requests are being cached! you may need to exclude some .js from oauth... or tune the cache headers

[mkarlesky]

Indeed. It was as simple as clearing relevant items in the cache. Thanks!

[ferringb]

@mkarlesky while you wiped the cache, this shouldn't have been a necessary step. Can you double check the headers on the cookie, and the request exchange? /_signout should be nulling the cookie- cache shouldn't matter here.

[danielmotaleite]

Sometimes the problem is not in the cookie, but the cache of the redirect on the browser side from the valid site url to the google auth url. i also had this on static resources and i think it was one of the reasons that i did this code change: 7426c53

[mkarlesky]

@ferringb Happy to investigate. However, I'm a n00b on OAuth (and the innards of cookies, for that matter). If you provide some instructions I'll gladly carry out the tests and inspections and report back.

[nodefactory-bk]

Doesn't do much in chrome or firefox for me.

Cookies are removed and I get redirected to google and then immediately get redirected back and logged in again. Or in case of an unauthorized account I get back a 403 since I can't switch accounts because I don't get the google account login/selection screen.

Might well be browser cache related however I don't see cache mentioned in the network traces.

Screenshots from chrome (proper login) and firefox (google account that isn't allowed) network monitor attached.

Chrome with allowed account:

Firefox with denied account: