gmt1996 opened a new issue, #58673: URL: https://github.com/apache/airflow/issues/58673
### Apache Airflow version 3.1.3 ### If "Other Airflow 2/3 version" selected, which one? _No response_ ### What happened? When users try to log out from the web UI, the session doesn’t actually close. The page redirects correctly, but the user stays logged in and can still access the interface without re-authenticating. The only way to fully log out is to manually clear the browser’s session cookies. ### What you think should happen instead? The expected behavior is that logging out should immediately invalidate the user’s session. After clicking “Log out,” the session cookie should be cleared or expired, and the user should be fully unauthenticated. Any attempt to access the interface afterward should redirect to the login page without requiring manual cookie deletion. ### How to reproduce 1. Log in. 2. Click on "users"-->“Logout” in the web interface. 3. Observe that the user remains logged in. 4. Manually delete the session cookies and refresh the page; only then the user is logged out. ### Operating System Amazon Linux 23 ### Versions of Apache Airflow Providers Airflow version: 3.1.3 Previous version: 3.1.2 Authentication backend: airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager Deployment type: Docker ### Deployment Docker-Compose ### Deployment details _No response_ ### Anything else? _No response_ ### Are you willing to submit PR? - [ ] Yes I am willing to submit a PR! ### Code of Conduct - [x] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
