Reply to User gets 500 error if you delete a logged in user on Fri, 12 Jun 2026 14:13:07 GMT

pg_user_8607 — Fri, 12 Jun 2026 14:13:07 GMT

Hey there,

I noticed what looks like an unhandled edge case around deleted users with active sessions.

I started a fresh instance using:

podman run -d --name=proget --restart=unless-stopped -p 80:80 proget.inedo.com/productimages/inedo/proget:latest

Then I:

Created a user test:test
Logged in as test:test in an incognito browser session
Deleted the user from the original admin session
Refreshed the page in the incognito session

Instead of being redirected to the login page, I get an HTTP 500 error.

I would have expected the session to be invalidated and the user to be redirected back to the login page since the account no longer exists.

Reply to User gets 500 error if you delete a logged in user on Fri, 12 Jun 2026 16:18:48 GMT

stevedennis — Fri, 12 Jun 2026 16:18:48 GMT

Hello,

Thanks for reporting this; this behavior is by design.

ProGet uses authentication tickets (i.e. encrypted cookies). If the username on a valid ticket cannot be located in the user directory, then a "user not found" error will occur, as it did here.

This errant behavior is generally desired for troubleshooting cases where users are intermittently not available from a user directory. Otherwise it's very difficult to troubleshoot, since it will just appear as a random log-out.

Thanks,
Steve