jazzband/django-rest-knox

Logging out not expiring session

eliezerp3 opened this issue · 3 comments

Hi. Thank you so much for this package. I have this

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',
        'knox.auth.TokenAuthentication',
    ),
}

in my settings.py. The issue is that the logout view only expires the token, but the browser still stays logged in because the session is still valid. Is there any way to expire the session when the user logs out?

If you were previously logged in with session authentication, then DRF/knox won't do anything to remove that session. Try deleting the cookies, and then next time it may not occur.

@yd4011439 Unfortunately that doesn’t help. It seems it uses both session and token upon login but only expires the token (and not the session) upon logout.

ge-lem commented

Same error using the tutorial https://jazzband.github.io/django-rest-knox/auth/

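from django.contrib.auth import login
from rest_framework import permissions
from rest_framework.authtoken.serializers import AuthTokenSerializer
from knox.views import LoginView as KnoxLoginView


class LoginView(KnoxLoginView):
    permission_classes = (permissions.AllowAny,)

    def post(self, request, format=None):
        serializer = AuthTokenSerializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        user = serializer.validated_data['user']
        # Starts a Django session (sets the session cookie) in addition to the knox token
        login(request, user)
        return super(LoginView, self).post(request, format=None)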

login(request, user) creates the session cookie.

I also override the LogoutView

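from django.contrib.auth import logout
from knox.views import LogoutView as KnoxLogoutView


class LogoutView(KnoxLogoutView):
    def post(self, request, format=None):
        # Knox deletes the token used for this request
        response = super(LogoutView, self).post(request, format=None)
        # Flush the Django session so the session cookie stops being valid
        logout(request)
        return response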