You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are using the oidc authz plugin with apisix running as confidential client.
We have noticed that /logout endpoint in Firefox does not handle the Set-Cookie correctly, resulting into the session cookies still present after the logout.
After a new login Apisix tries to refresh a previously closed session resulting in the above mentioned error 500.
Note that this happens to us only in Firefox running in normal mode, in private mode the Set-Cookie handler is correctly handled and cookie cache is wiped out.
We did try also with Edge and Chrome browser v125+ and cookie cache is correctly wiped out (resulting in no error 500 being returned)
We do have the strong feeling that this is not a apisix bug therefore I am not marking this as a software issue, however I would ask the community if anyone has been able to replicate this behavior using Firefox and apisix as a confidential oidc client.
Thank you!
Environment
APISIX version (run apisix version): 3.9
The text was updated successfully, but these errors were encountered:
Description
Hello,
I am opening this request to keep track of the https://bugzilla.mozilla.org/show_bug.cgi?id=1900647 I have recently opened. This is relevant for APISIX because it causes the infamous Error 500
We are using the oidc authz plugin with apisix running as confidential client.
We have noticed that /logout endpoint in Firefox does not handle the Set-Cookie correctly, resulting into the session cookies still present after the logout.
After a new login Apisix tries to refresh a previously closed session resulting in the above mentioned error 500.
Note that this happens to us only in Firefox running in normal mode, in private mode the Set-Cookie handler is correctly handled and cookie cache is wiped out.
We did try also with Edge and Chrome browser v125+ and cookie cache is correctly wiped out (resulting in no error 500 being returned)
We do have the strong feeling that this is not a apisix bug therefore I am not marking this as a software issue, however I would ask the community if anyone has been able to replicate this behavior using Firefox and apisix as a confidential oidc client.
Thank you!
Environment
apisix version
): 3.9The text was updated successfully, but these errors were encountered: