Browser issue Slow logout on Chrome on XF.com

[vbresults]

Affected version

xenforo.com

On XF.com, when I log out, it hangs as if it's doing an endless redirect loop, but I think it might actually be related to CloudFlare. This seems to happen in MacOS Safari 18.5 but not Firefox or Chrome.

When CloudFlare happens to be triggered on logout, Firefox and Chrome show the CF verification page/checkbox but Safari just hangs. The logout occurs if I hard-refresh so it seems to be strictly CF-related.

 

[Jeremy P]

This will actually be related to us re-enabling the Clear-Site-Data: cache header for logouts:

Fixed Post in thread 'Logout bug when Guest caching is enabled'

May 19, 2025

Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.3.7).

Change log:

Clear site cache data when logging out

There may be a delay before changes are rolled out to the XenForo Community.

• XF Bug Bot

• 
• 

We had it briefly a while back but it caused hangs for quite a while:

Browser issue Thread 'Session does not close with Chrome'

Jul 17, 2019

User name -> Log out = processing.
It really closes, but it doesn't change the screen, which remains processing.
It happens with Chrome 75.0.3770.142 (64 bits).
It works fine with Edge, so it could be related to Chrome.

• soloarquitectura
• Replies: 52
• Forum: Resolved bug reports

• 

It's ultimately a Chrome issue, the situation seems to have improved somewhat over the years but it still seems to take quite a while to clear the data.

 

[Mike S]

The same thing happens to me both here and on my forums (2.3.7, Safari Desktop 18.5).

When I logout, the browser keeps loading and does nothing.

 

[Jeremy P]

It'll be the same cause. You can disable this behavior with a config flag if you are not using the guest page cache and are comfortable with browser back/forward navigations potentially loading cached pages of formerly logged in users:

$config['enableClearSiteData'] = false;

 

[Astra]

On Apple Mac, when you log out of your account, the system hangs for a long time until you simply refresh the page. This behavior appeared after the last update.

Where is the file that needs to be changed?

 

[Chromaniac]

/src/config.php

it is basically the file where your database information and other configuration settings are present. you can basically just add this line as this is not really a code change.

 

[Astra]

Is this a bug? Will it be fixed in the next versions of the forum? Or is it the fault of Safari and Google Chrome browsers?
We need to understand whether to make changes to the configuration file or wait for the next update? It's just that this affects a huge number of users, everyone who visits the forum from these browsers and it looks, quite inconvenient. Maybe a patch will be released in the very near future?

 

[Chris D]

It's not a bug in XenForo.

What we are doing is telling the browsers that, upon logout, any cached data related to XenForo should be cleared from its memory.

This is important because, without it, logging out of a shared computer would enable someone else to come along and potentially navigate through your browsing history and access pages that may contain sensitive information such as authentication details, contact details or direct messages and private forums, which may also contain sensitive information in their own right.

Why this seemingly takes so long on some browsers is really a question for the browser developers, and it most likely indicates a bug in those browsers themselves.

If the current behaviour is undesirable, that's when you would add the following to your config to disable the cache clearing behaviour:

$config['enableClearSiteData'] = false;

So, in summary, your options are:

1. A slower, but more secure, log out process that ensures personal or sensitive information is removed from browser caches
2. A faster, but less secure, log out process, acknowledging that, in some cases, sensitive information can remain in a browser cache

That's the decision you need to make but the hope is that this will be optimised in future browser updates.

 

[expanserpb]

2. A faster, but less secure, log out process, acknowledging that, in some cases, sensitive information can remain in a browser cache

Thank you for the fix!

 

[nodle]

On Apple Mac, when you log out of your account, the system hangs for a long time until you simply refresh the page. This behavior appeared after the last update.

Just ran into this myself until I found this thread. I like the idea of a more secure log out, but it just basically hangs forever. It really makes it seem like a bug with the software (I know it's not). Hopefully it will get better in the future like @Chris D said.

 

[mjda]

Just ran into this myself until I found this thread. I like the idea of a more secure log out, but it just basically hangs forever. It really makes it seem like a bug with the software (I know it's not). Hopefully it will get better in the future like @Chris D said.

Yes, the insecurity stinks but, after checking a few high profile sites like Amazon and realizing they don't clear the site data on log out, I've decided to disable this for now too. Hopefully it'll be fixed in the browsers in the future so it can be enabled again but, until that happens, I'm happy keeping it going as-is.

 

[Kevin]

September, 2025..... is anybody else experiencing this with XF 2.3.7 with Chrome mobile for Android?

 

[hakyangler]

September, 2025..... is anybody else experiencing this with XF 2.3.7 with Chrome mobile for Android?

PHP:
$config['enableClearSiteData'] = false;

Yes, the same issue still exists.
I’m no longer sure whether this is actually a problem, but applying this seems to fix it.

 

[robdog]

I just started to experience slow log out on my site when I upgraded from 2.3.6 to 2.3.8. I am going to see if that config setting works.

I am using the latest Chrome version on MacOS.

@Chris D was the clearing of secure data added in 2.3.7? I believe that is what I am getting from the previous posts in this thread.

 

[robdog]

@Chris D, one more thing for consideration of this. In the file LoginPlugin.php in the function clearSiteData, we have this:

$response->header('Clear-Site-Data', '"cache"');

Can we be a little less aggressive and use this:

$response->header('Clear-Site-Data', '"cookies", "storage"');

Once I changed that line of code, it was back to being super fast. Are there other cache items that we would need to remove above and beyond cookies and storage?

 

[Jeremy P]

Those are all separate directives that clear different things. Clearing the cache does not clear cookies or storage, and vice versa. Cookies and storage do not need to be cleared during logouts (we have separate handling for this to retain specific items).

You can use the config directive in the fourth post to disable this if you wish.