1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

As Designed Differences in user logout and admin logout

Discussion in 'Resolved Bug Reports' started by rellect, Jan 23, 2016.

  1. rellect

    rellect Well-Known Member

    This could be as designed.

    The user login and admin login are separated. So generally it is possible to login to site as user X, and in the same time to be logged to admin panel as user Y.

    If you logout from user X (from admin panel) - you are still logged as user Y in the site.

    But if you log out from user Y (from the site) - it also logout user X in the admin panel.

    I would expect the logout to affect only the relevant account.
     
  2. rellect

    rellect Well-Known Member

    Reading my message again, there is a mistake and I can't edit.
    Maybe it will make more sense with real names instead X and Y.

    Assume Mark is logged to the site, and John is logged to the admin panel (both in the same browser)
    Scenario 1: John logout from admin panel -> Mark is still logged to the site.
    Scenario 2: Mark logout from the site -> the action logged out also John.
     
  3. Vincent Gabriel

    Vincent Gabriel Active Member

    under XenForo/ControllerPublic/Logout.php they have

    PHP:
    XenForo_Helper_Cookie::deleteAllCookies(
                    
    $this->_getRetainedCookies(),
                    array(
    'user' => array('httpOnly' => false))
                );
    this what causes the admin panel to logout as well, regardless if this is the same user or not. don't think this is by design though.
     
  4. Mike

    Mike XenForo Developer Staff Member

    I would say this is as designed. The public-facing system would generally be considered to be encompassing the admin area as well -- logging into the admin logs you into the front end as well, if you're not already logged in. As such, logging out of the front end is likely to be an indication that you don't want to be in the site at all, so it makes sense to no longer be logged into the admin (regardless of who that user is). Conversely, logging out of the admin area is more of a specific operation for that area.

    I'd note that being able to be logged in as two different people is more of an accident itself, not really something that was explicitly designed.
     

Share This Page