Issue with AspNetCore.Identity.Application Cookie and SignalR in Multiple Tabs Logout Flow #1418

Open
ImalshaRC opened this issue Sep 23, 2024 · 0 comments


ImalshaRC commented Sep 23, 2024

Environment:
Duende.IdentityServer.AspNetIdentity: 7.0.5
Microsoft.AspNetCore.Authentication.JwtBearer: 8.0.7
Microsoft.AspNetCore.Identity.EntityFrameworkCore: 8.0.6
Frontend: React with TypeScript

We are using Duende IdentityServer along with ASP.NET Core Identity in our application. We have implemented SignalR to broadcast logout events across multiple browser tabs. However, we are encountering an issue where, despite logging out from one tab, the other tabs do not log out immediately as expected. This seems to be caused by the AspNetCore.Identity.Application cookie, which persists for a short period after logout.

Here’s an overview of our setup:

We use SignalR to broadcast a logout request to all tabs when the user logs out from one tab.
Our application uses the AspNetCore.Identity.Application cookie for authentication.
We want to either completely eliminate the use of the AspNetCore.Identity.Application cookie or ensure that all tabs are correctly logged out immediately when a logout occurs in any one tab.

The expected behavior is for all tabs to log out simultaneously when one tab logs out. Currently, the other tabs are not logging out correctly until the AspNetCore.Identity.Application cookie expires or is manually cleared.

We have reviewed multiple resources and couldn't find a solution that addresses this behavior in a consistent manner. Here are some of the steps we have taken:

We configured SignalR to broadcast logout events to all tabs.
We ensured that the AspNetCore.Identity.Application cookie is cleared on logout.

Despite these steps, the other tabs remain logged in temporarily due to the lingering cookie.

Questions:

Is there a way to completely eliminate the AspNetCore.Identity.Application cookie when using Duende IdentityServer with ASP.NET Core Identity?
Alternatively, is there a recommended approach to immediately force all tabs to log out upon receiving a SignalR logout event, including the immediate removal of this cookie?

Any guidance on resolving this issue would be greatly appreciated.

Steps to Reproduce:

Log in to the application with multiple tabs open.
Log out from one of the tabs, which triggers SignalR to broadcast a logout event.
Observe that the other tabs are not logged out immediately due to the AspNetCore.Identity.Application cookie persisting temporarily.

Additional Information: Here’s a snippet of the logout logic we are using:

    app.MapPost("broadcast", async (string message, IHubContext context) =>
    {
        await context.Clients.All.SendAsync(message);
        return Results.NoContent();
    });

Thank you for your support and assistance!
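
The endpoint in the post sends to Clients.All under a caller-supplied method name, so any caller can signal every connected user. The sketch below is an added example, not the poster's or Duende's code: it signs out the Identity.Application cookie and notifies only the caller's own connections. SessionHub, the routes, the "logout" client method name and the plain cookie scheme standing in for the ASP.NET Core Identity setup are assumptions.

```csharp
// Added example. Hypothetical names: SessionHub, "/hubs/session", "/logout", "logout".
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.SignalR;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddSignalR();
// Assumption: a plain cookie scheme registered under Identity's scheme name stands in
// for the full Identity setup; its cookie is ".AspNetCore.Identity.Application".
builder.Services.AddAuthentication(IdentityConstants.ApplicationScheme)
    .AddCookie(IdentityConstants.ApplicationScheme);
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

app.MapHub<SessionHub>("/hubs/session");

app.MapPost("/logout", async (HttpContext http, IHubContext<SessionHub> hub) =>
{
    // Read the user id before sign-out; SignalR's default user id provider
    // maps connections to users by the same NameIdentifier claim.
    var userId = http.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;

    // Adds the expiring Set-Cookie header to this response. The browser's
    // cookie jar is shared, so every tab loses the cookie once it is processed.
    await http.SignOutAsync(IdentityConstants.ApplicationScheme);

    if (userId is not null)
    {
        // Registered to run after the response carrying that header has been sent.
        // The method name is fixed server-side and only this user's connections get it.
        http.Response.OnCompleted(() => hub.Clients.User(userId).SendAsync("logout"));
    }
    return Results.NoContent();
}).RequireAuthorization(); // anonymous callers cannot trigger the notification

app.Run();

// Only authenticated connections may join, so Clients.User(...) can resolve them.
[Authorize]
public class SessionHub : Hub { }
```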
