Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

help request: APISIX oidc /logout not working in Firefox (unless running in private mode) #11324

Open
francescodedomenico opened this issue Jun 4, 2024 · 1 comment

Comments

@francescodedomenico
Copy link

Description

Hello,
I am opening this request to keep track of the https://bugzilla.mozilla.org/show_bug.cgi?id=1900647 I have recently opened. This is relevant for APISIX because it causes the infamous Error 500
image

We are using the oidc authz plugin with apisix running as confidential client.

We have noticed that /logout endpoint in Firefox does not handle the Set-Cookie correctly, resulting into the session cookies still present after the logout.

After a new login Apisix tries to refresh a previously closed session resulting in the above mentioned error 500.
Note that this happens to us only in Firefox running in normal mode, in private mode the Set-Cookie handler is correctly handled and cookie cache is wiped out.

We did try also with Edge and Chrome browser v125+ and cookie cache is correctly wiped out (resulting in no error 500 being returned)

We do have the strong feeling that this is not a apisix bug therefore I am not marking this as a software issue, however I would ask the community if anyone has been able to replicate this behavior using Firefox and apisix as a confidential oidc client.

Thank you!

Environment

  • APISIX version (run apisix version): 3.9
@markusmueller
Copy link
Contributor

@francescodedomenico Came across your report related to that problem on https://bugzilla.mozilla.org/show_bug.cgi?id=1900647, this might help you: #11492

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: 📋 Backlog
Development

No branches or pull requests

2 participants