Logging out of oC web does not log out of oC classic

[Deaddy]

This might be just an annoyance, internally we are also still unsure whether we see this as a huge problem or if it is just a meh issue for power users during the transition away from oC classic.

Steps to reproduce

1. Run ownCloud web as app for owncloud classic
2. Log into ownCloud web via the menu in the upper left corner
3. Authenticate the app
4. Log out of owncloud web
5. Be still logged in classic owncloud

Expected behaviour from a technical perspective

Everything works as expected. We have authorized a app, which should be independent of being logged into the classical webinterface or not.
You are being redirected to the authorization page for the webapp, where you can just click again re-authorize.

Expected behaviour from a user or admin perspective

To be logged out in the classic webinterface as well, I suspect. And maybe not being able to authorize without

Actual behaviour

See expected behaviour from a technical perspective. ;-)

relevant parts of the current setup

owncloud 10.8 with 4.2.0 web app
skipping all the other stuff because as it is not really relevant to the discussion

Possible solutions and discussion

I think before we look at a technical solution the question is whether or not this much of an issue.

• somehow hack around so that logging out the web app also logs out the classic interface
• (attempting to) redirect to the original webinterface where you are possibly still logged in after logout
• accept this behaviour and move on, find a clearer way to communicate to the user
• ???

[kulmann]

Regarding UX this gets even worse with a trusted oauth2 client - then the authorize screen doesn't exist and you are immediately redirected into ownCloud Web again. Essentially, logging out in ownCloud Web has no effect at all then.

[tbsbdr]

@kulmann in some usecases this is a severe bug if the logout is done for security reasons. though there is a workaround (switch to oc10 and logout here), the workaround might not be obvious to every user. imo this p1 bug should be amongst top 3 in the queue ;-) would you agree?

[kulmann]

Apparently the backend session handling is really broken for the combination of oauth2 and classic login. There is #7018 as the other facet of the "client logout issue" (logout in classic doesn't logout in web).