Browser issue Session does not close with Chrome

Why should "XenForo" ignore standards to fix Chrome? The patch published earlier could cause unwanted side effects, which would then be attributed to "XenForo". If you do not want to apply the patch above, you should contact Google, tell them about the problem and ask them to solve it. This is the right way.

XF doesn't log out when using Chrome, to the end user. Do I tell the end user it's a Chrome bug when they don't have this problem on any other site?

We can go back and forth on this all day long. If you're going to wait around for Google Chrome to change then this issue could be around a very long time. Mitigate it and when Chrome changes revert if needed. For now it's a problem for our users, waiting it out is not the answer IMHO.
 
XF doesn't log out when using Chrome, to the end user. Do I tell the end user it's a Chrome bug when they don't have this problem on any other site?

You cannot compare other pages with XenForo on that point. The problem is that Chrome is waiting for a response after logging out at the wrong time. The user is logged out after clicking on Logout, and a refresh of the page (F5 or CTRL + R) shows the same; only Chrome will hang.

I've used the patch above and told my Chrome users that the logout will work again, but the Chrome browser cache for this session will not be emptied.
 
I'm on XenForo 2.1.4. I tested the username>logout function on my website on both Chrome Version 77.0.3865.120 (Official Build) (64-bit) and Chrome Version 78.0.3904.70 (Official Build) (64-bit). Both times it logged out correctly. Is this something that is intermittent? Is it only affecting 32-bit versions of Chrome, or versions of XenForo below 2.1.4? Does it only happen with larger boards for some reason? My board is new and still microscopic, but I would think if it's a browser issue it wouldn't matter what size the board is.
 
The reason this issue exists is because we added the Clear-Site-Data, cache header to the log out response some versions back.

We did this because without it if you logout and leave the browser open, anyone can access the same pages you visited in that session (I think it is session based only).

That would allow people to use the same browser and navigate back and see which private messages you were looking at, or private forums and so on.

Clearly, Chrome has a huge issue here. As far as I can work out, there is a severe performance bottleneck, particularly if you have a large Chrome profile. There must be some issue in locating items and clearing them from a large cache.

While there is nothing we can do to work around that issue, and I don't see a fix incoming from Google any time soon, and the number of complaints about this, we have reversed the change and we will no longer pass the clear-site-data header as of 2.1.5.

As ever, it is imperative that if you are using a shared computer you should log out, shut the browser window and even clear the cache manually if you feel that is necessary. Alternatively, choose to browse in Incognito mode on shared browsers for added privacy.

We'll keep an eye out on this being fixed in Chrome but for now, the behaviour should return to normal.
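
An added example, not part of the original thread and not XenForo's code: a small Python check that reads a raw logout response and reports whether it carries the Clear-Site-Data cache directive discussed above. The sample responses are constructed, the function names are hypothetical, and the directive list is the one from the W3C Clear Site Data specification.

```python
import re

# Directive names from the W3C Clear Site Data specification.
KNOWN = {"cache", "cookies", "storage", "executionContexts", "*"}

def clear_site_data_directives(raw_response):
    """Return (valid, problems) for every Clear-Site-Data header in a raw response."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    valid, problems = [], []
    for line in head.split("\n")[1:]:              # skip the status line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "clear-site-data":
            continue
        for item in (v.strip() for v in value.split(",")):
            # Each directive must be a quoted string; a bare word is not valid.
            m = re.fullmatch(r'"([^"]*)"', item)
            if not m:
                problems.append("unquoted or malformed value: " + item)
            elif m.group(1) not in KNOWN:
                problems.append("directive not in spec list: " + m.group(1))
            else:
                valid.append(m.group(1))
    return valid, problems

def audit_logout(raw_response):
    """Summarise whether the logout response asks the browser to drop its cache."""
    valid, problems = clear_site_data_directives(raw_response)
    return {
        "clears_cache": "cache" in valid or "*" in valid,
        "directives": valid,
        "problems": problems,
    }

# Constructed sample responses (not captured from a real board).
WITH_HEADER = 'HTTP/1.1 303 See Other\r\nLocation: /\r\nClear-Site-Data: "cache"\r\n\r\n'
WITHOUT_HEADER = "HTTP/1.1 303 See Other\r\nLocation: /\r\n\r\n"
UNQUOTED = "HTTP/1.1 303 See Other\r\nLocation: /\r\nClear-Site-Data: cache\r\n\r\n"

if __name__ == "__main__":
    for label, resp in [("with", WITH_HEADER), ("without", WITHOUT_HEADER),
                        ("unquoted", UNQUOTED)]:
        print(label, audit_logout(resp))
```

Where the header is absent, pages viewed during the session can remain in the browser cache after logout, which is the shared-computer exposure the post describes.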
 
Chris, I think that reverting the behaviour is a good decision as most users do access forums from their own devices.
Keeping publicly cacheable resources (CSS, JS) even on log-out in this use-case does improve performance for those users.

Maybe you could make the header optional (via an option or config.php setting)?
This would be ideal IMHO.

Maybe in the future this could also be expanded to only send clear site data on untrusted devices.
 
It logs out - just doesn't refresh. If you hit Log Out and then hit Home, you'll be back at your front page and not logged in. At least that's my experience in 2.1.4.
 
Hi, I have updated to version 2.1.5 and am using Chrome 78.0.3904.97, and the problem persists.
It's the same with Windows 10's Edge.
I also emptied all of the Chrome cache. No positive result.
I just tried Firefox and even TOR and the fault continues. I already doubt it is a browser failure.
It is the software or the hosting server as a last resort.
However, in my local installation with Laragon, it works perfectly.
I will wait to launch my forum until this is resolved, so as not to bother users.
Hopefully it will be solved.

Using XenForo 2.1.5a no problems with logout and session closing on Chrome 78.0.3904.97 or Microsoft Edge 44.18362.449.0
 
But version 2.1.5a is an update. I installed version 2.1.5 (without the "a").
What would be the difference?
You are not showing as licensed.

If you require support, you will need to associate your forum user name with your customer account.
 