Hi,
we have been struggling with this issue for a long time now and debugged
pretty much every piece of code we wrote in order to find the root cause.
Issue:
1) User logs in via Facebook and uses the Token based authenticator to
authenticate with the sync gateway.
2) User logs out and logs in with a basic HTTP authenticator
Problem: even though the authenticator is correctly configured and the
logic is sound, the first authentication attempt happens under the old
Facebook user and hence the replication is messed up.
At first, we thought that it must be an issue on our side and therefore we
spent days troubleshooting but now we found evidence that something else is
going on. We delete the database, we deallocate every object that is
remotely related and still the issue occurs. Here are a few scenarios that
have been tested:
1) Basic to Basic Authentication works
- Basic HTTP user logs in and out
- Another basic HTTP user logs in and it works as expected
2) Basic to Facebook authentication
- Basic HTTP user logs in and out
- A Facebook user logs in and it works as expected
3) Facebook user and restarting the app
- Facebook user logs in and out
- App is restarted
- Basic HTTP user logs in and it works as expected
The problem is the Facebook session in combination with the CBLManager.
When a Facebook user logs in and out, the immediate next user who tries to
log in still gets the old Facebook user's context. Even when flushing the
Facebook session it didn't change the behavior...it seems that if another
user tries to log in after a FB user has been authenticated the issue occurs.
But it is solely memory based because restarting the app eliminates the
issue...
We then suspected that the CBLManager might be the root cause as this is
the only process that doesn't get deallocated. We found a bug on GitHub
regarding session cookies and then tried to clear any cookies manually -
that worked!
So here is what we do in order to work around the problem:
1) Facebook user logs in and out
2) At logout, run
    for (NSHTTPCookie *cookie in [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookies])
        [[NSHTTPCookieStorage sharedHTTPCookieStorage] deleteCookie:cookie];
3) Immediately log in with a Basic HTTP and voila, it's working...
Is that expected? Is that a bug? I find it hard to believe that no one else
is running into this...
Thanks Christoph
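A scoped variant of the cleanup in step 2 of the workaround, as an added example that is not part of the original post: it deletes only the cookies that would be sent to the gateway URL rather than every cookie the app holds. The function name `ClearCookiesForGateway`, the URLs and the sample cookies are assumptions constructed for illustration.

```objc
#import <Foundation/Foundation.h>

// Delete only the cookies that NSHTTPCookieStorage would attach to requests
// for gatewayURL, leaving cookies for unrelated hosts in place.
// Returns the names of the removed cookies so the logout path can log them.
static NSArray<NSString *> *ClearCookiesForGateway(NSURL *gatewayURL) {
    NSHTTPCookieStorage *storage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
    NSMutableArray<NSString *> *removed = [NSMutableArray array];
    // cookiesForURL: returns a snapshot array, so deleting inside the loop is safe.
    for (NSHTTPCookie *cookie in [storage cookiesForURL:gatewayURL]) {
        [storage deleteCookie:cookie];
        [removed addObject:cookie.name];
    }
    return removed;
}

// Helper for the constructed sample data below (hypothetical names and hosts).
static NSHTTPCookie *SampleCookie(NSString *name, NSString *domain) {
    return [NSHTTPCookie cookieWithProperties:@{
        NSHTTPCookieName: name, NSHTTPCookieValue: @"constructed-value",
        NSHTTPCookieDomain: domain, NSHTTPCookiePath: @"/"}];
}

int main(void) {
    @autoreleasepool {
        NSHTTPCookieStorage *storage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
        // Assumed gateway URL; replace with the replication endpoint in use.
        NSURL *gateway = [NSURL URLWithString:@"https://sync.example.com/db/"];
        NSURL *other = [NSURL URLWithString:@"https://other.example.org/"];

        // Constructed state: a leftover session cookie for the gateway
        // and an unrelated cookie that must survive the logout.
        [storage setCookie:SampleCookie(@"gateway_session", @"sync.example.com")];
        [storage setCookie:SampleCookie(@"unrelated", @"other.example.org")];

        NSArray<NSString *> *removed = ClearCookiesForGateway(gateway);
        NSLog(@"removed at logout: %@", removed);
        NSLog(@"gateway cookies left: %lu",
              (unsigned long)[storage cookiesForURL:gateway].count);
        NSLog(@"unrelated cookies left: %lu",
              (unsigned long)[storage cookiesForURL:other].count);

        // Clean up the constructed sample cookie.
        ClearCookiesForGateway(other);
    }
    return 0;
}
```

Logging the removed cookie names at logout also gives a record of which session state was still present when the user signed out.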