Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
User gets 500 error if you delete a logged in user
-
Hey there,
I noticed what looks like an unhandled edge case around deleted users with active sessions.
I started a fresh instance using:
podman run -d --name=proget --restart=unless-stopped -p 80:80 proget.inedo.com/productimages/inedo/proget:latestThen I:
- Created a user
test:test - Logged in as
test:testin an incognito browser session - Deleted the user from the original admin session
- Refreshed the page in the incognito session
Instead of being redirected to the login page, I get an HTTP 500 error.
I would have expected the session to be invalidated and the user to be redirected back to the login page since the account no longer exists.
- Created a user
-
Hello,
Thanks for reporting this; this behavior is by design.
ProGet uses authentication tickets (i.e. encrypted cookies). If the username on a valid ticket cannot be located in the user directory, then a "user not found" error will occur, as it did here.
This errant behavior is generally desired for troubleshooting cases where users are intermittently not available from a user directory. Otherwise it's very difficult to troubleshoot, since it will just appear as a random log-out.
Thanks,
Steve
