there is a flaw in the way you produce the problem: clicking is not enough, the logout is to be considered completed when you receive the answer from the server.
"
clicking is not enough" (epic title for the next 007 movie!)
Talking seriously,
I do understand what you say, but even if you 'wait' to receive an answer from the server, this small issue continues. For example, I did this change on the template (marked in red color, and the result is the same):
function executeLogout() {
var LogoutRealm = '__USER'+'='+'&'+'__AJAX'+'='+1;
var xhr = new XMLHttpRequest();
xhr.open('POST', '/');
xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
xhr.onreadystatechange = function() {
if (xhr.readyState === 4) {
if (xhr.status === 200) {
if (xhr.responseText === "ok") {
window.location.replace('/');
}
}
}
};
xhr.send(LogoutRealm);
};
also, are you using the alpha 5 for your tests? because it contains more changes to the code i published above, and the logout is also removing this session from all active connections, immediately.
See at https://github.com/rejetto/hfs2/commit/82de2130592f2c4ee5b832a17c5c6b7b059995ec
Yes, I've seen the code changes (your changes are very good and extensive), but I guess there must be something else missing (some little detail). On
my proposed fix, that issue doesn't happen (but I think it's a little bit ugly and aggressive to 'kick all the idle connections' like I did on my fix, and I don't know if that 'kick' could affect other users in a bad way). If this issue can not be solved, I was thinking of proposing to add a macro command to 'kick all the idle connections', and send this command using the template (for those who want this to be perfect).
also, are you using the alpha 5 for your tests? because it contains more changes to the code i published above, and the logout is also removing this session from all active connections, immediately.
Yes, I was using
v2.4 Alpha 5 yesterday, and today also tried
v2.4 Alpha 7 (the MD5's issue was fixed on alpha 7, but this "small issue" is still present).
The 'key' to reproduce the problem is opening several tabs in your browser.
1) Install the
old template and the
form-based login (as usual).
2) Create one user and give that user access to a few folders (with files).
(For example: Folder1, Folder2, Folder3, Folder4 and Folder5).
3) Login with that user, and open Folders 1 to 5, each one, on one tab.
4) Go to the tab of Folder1 (or any tab), and click on the Logout button.
5) Now go to the tab of Folder2 and click on one or more of the files there.
6) If it ask for password, click cancel and go to Folder3, Folder4 and Folder5 and try to access some of the files (during 15 to 30 seconds, you could access as many files as you want, some will fail, but some will go trough, depending on the timeout of that tab).
So, summarizing, you can continue (for at least 15 to 30 seconds), acceding to password protected files (until the last authenticated connection times out on the server). Sometimes it will ask for a password, but generally, you have 30 seconds to access some files. If you can't reproduce this, I can do a video to show this.
Cheers,
Leo.-