
WebMail Logout Should be Definitive

Discussion in 'E-mail Discussions' started by webr00t, Nov 3, 2009.

  1. webr00t

    webr00t New Member

    A client of mine just informed me that when he logs out from WebMail, then goes back to the same URL, he is logged back in again. I verified this. Others are upset about it as well.

    http://forums.cpanel.net/f5/email-not-logging-out-properly-20428.html

    You can't really log out of WebMail unless you completely close the browser. This is unacceptable -- proper session management would make solving this trivial. PLEASE fix this in future versions. Most people won't know they have to close the browser, and in many cases of public terminals they apparently cannot close the browser completely.
     
  2. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    I attempted to reproduce the issue but I was unable to do so using the latest EDGE build of cPanel version 11.25. When testing I logged-in to webmail using SSL on port 2096, successfully loaded the webmail index, then clicked the logout link in the upper-right corner of the page; upon trying to re-access the webmail index page (i.e., the page shown immediately after logging-in) I was prompted with a login screen; I tested with HTTP authentication (where cookie authentication is disabled).

    What is your full cPanel version number?

    What port is being used when accessing webmail? (Examples: non-SSL on 2095, or SSL on 2096)

    Is cookie authentication enabled or disabled (in WHM Tweak Settings)?

    What is the precise method and exact steps being used to login, logout, and then go back (and go back to what URL)? Please try to provide as much detail as possible so we may accurately attempt to reproduce the issue.

    Moderator Note: I've relocated the thread into the cPanel and WHM Discussions forum.
     
  3. btx5

    btx5 New Member

    Cannot logout from webmail

    Bump for the first post. My instance of cPanel also behaves the same.

    If clicking "Logout" or "Sign Out" in any of the webmail clients (Horde, Squirrel, Roundcube) user is taken to: http://www.domain.com:2095/webmaillogout.cgi - showing logout message.

    However, if http://www.domain.com:2095 is loaded, user is taken to: http://www.domain.com:2095/webmail/x3/?login=1, with full login rights.

    Closing the browser has no effect. User can still access webmail control panel without authentication. Using 2096 (SSL) exhibits the SAME behaviour.

    Browser: Safari Version 4.0.3 (5531.9)

    cPanel info:
    cPanel Version 11.24.5-RELEASE
    cPanel Build 38506
    Theme x3
    Apache version 1.3.37 (Unix)
    PHP version 4.4.3
    MySQL version 4.1.22-standard
    Architecture i686
    Operating system Linux
     
  4. btx5

    btx5 New Member

    Just to add to the above post: deleting cookies does not affect behaviour.

    In Safari: Selecting Safari>Preferences>Security>Show All Cookies>Remove all.

    User can still access mail via http://www.domain.com:2095/

    It seems this instance of cPanel is also exhibiting the same behaviour for the domain control panel via www.domain.com:2082. I.e., not logging out, and allowing unauthenticated access via the 2082 URL.
     
  5. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    So that we can more thoroughly inspect the reported issue please submit a ticket; if needed, the link in my forums signature may be used to initiate a ticket submission. When available, please PM me the ticket number.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    That thread is years old. I don't see anyone upset, more of asking why, there.

    You don't mention the browser used, how many windows were open, etc., but ending a session by closing the browser is quite normal.

    Quoted from this link: Session Cookies, sessionStorage, and IE8

    You might like to read the rest of it there.
     
  7. MAXp0wr

    MAXp0wr New Member

    Safari and Chrome won't log out... at all !

    I am also having this problem, after logging in to webmail I was unable to log out, at all.
    So far only in Safari and Chrome.
    Everything seems to work fine in Firefox and Opera.

    * Tested on one window with a single tab.
    * Tested on both SSL and non-SSL (2095 & 2096).

    I was able to go straight back in to webmail after:
    - Logging out and seeing logged out message.
    - Logging out then closing and re-opening a window.
    - Logging out then quitting and then re-launching the application.

    I really don't see this as normal behaviour. It's a major problem and my users will go nuts when they realise this problem exists.
     
    #7 MAXp0wr, Dec 19, 2009
    Last edited: Dec 19, 2009
  8. Arvand

    Arvand Member

    This is an issue that happens in all Safari versions on the new webmail. I've verified this with several different Windows/Mac Safari installations.

    Login to Webmail. Click on Logout on top right. Choose to log back in on the log out screen. It will log you back in without asking for a password.

    We are running the latest RELEASE version. This has been tested on several different servers as well.
     
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    I don't use Safari for much other than quick testing at times. The version I had installed was beta 4 up until a few minutes ago. Using that one, I logged into cPanel and then into webmail > RoundCube. After viewing mailbox I clicked logout and then got the do you want to login again, I clicked it and it did ask me for my password as I would expect. I closed the browser and then decided to upgrade it to the latest and try again.

    All browsers closed, I open Safari 4.0.4 and type in mydomain.com/cpanel and hit enter. I'm already logged in. No password check, no message about cert, nothing.

    On the top right corner of Safari is an icon to some tools. One of those tools is called Reset Safari, it clears everything similar to IE8's Delete Browsing History. I clicked that, then closed Safari then reopened and typed in the domain again as before. This time it asks for my password, as expected.

    This is a browser caching issue it seems to me, not a cPanel problem.
     
  10. Arvand

    Arvand Member

    Received the following response from cPanelDon:

    Using the provided test account I was able to reproduce the issue in Safari 4.0.4 (6531.21.10) and Google Chrome 4.0.295.0-dev on Mac OS X 10.6.2 Snow Leopard; however, to note, both Safari and Google Chrome use the WebKit engine, unlike Opera and Firefox. In Opera 10.10, Build 6795, I experienced differing, inconclusive results; initially it appeared to exhibit the same behavior but on subsequent attempts it logged-out normally. In Mozilla Firefox 3.6pre I was unable to reproduce the issue.

    Researching internally, per case IDs #31553 and #33444, revealed the difficulty stems from browser-specific session handling when using HTTP Authentication. Additional informational reference: TrueHttpLogoutPatch - Trac Hacks - Plugins Macros etc. - Trac

    As a resolution I recommend switching to cookie-based log-ins for authentication; this may be configured via WHM Tweak Settings within the Security options. Tweak Settings
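
The difference between the two authentication modes discussed in this thread, as an added example that is not part of any post and is not cPanel's code: a toy model in which HTTP authentication leaves the server with nothing to revoke at logout, while a cookie session is destroyed server-side. The account, the `SESSIONS` store and all function names are assumptions made for illustration; only the `/webmaillogout.cgi` path comes from the thread.

```python
import base64
import hmac
import secrets

USERS = {"alice": "correct horse"}  # constructed demo account
SESSIONS = {}                       # session token -> user, held server-side
LOGOUT = "/webmaillogout.cgi"       # logout path quoted in the thread

def password_ok(user, pw):
    return user in USERS and hmac.compare_digest(USERS[user].encode(), pw.encode())

def basic_auth_request(path, authorization):
    """HTTP authentication: each request is judged only on the replayed header."""
    if path == LOGOUT:
        return 200, "logged out"    # nothing on the server to destroy
    try:
        scheme, blob = authorization.split(" ", 1)
        user, _, pw = base64.b64decode(blob).decode().partition(":")
    except (AttributeError, ValueError):
        return 401, "login required"
    if scheme == "Basic" and password_ok(user, pw):
        return 200, "inbox of " + user
    return 401, "login required"

def cookie_login(user, pw):
    if not password_ok(user, pw):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user
    return token

def cookie_request(path, token):
    """Cookie authentication: the token is only valid while the server says so."""
    if path == LOGOUT:
        SESSIONS.pop(token, None)   # server-side revocation, browser-independent
        return 200, "logged out"
    user = SESSIONS.get(token)
    return (200, "inbox of " + user) if user else (401, "login required")

def replay_after_logout():
    """Status codes when a client replays its old credential after logging out."""
    header = "Basic " + base64.b64encode(b"alice:correct horse").decode()
    basic_auth_request(LOGOUT, header)
    token = cookie_login("alice", "correct horse")
    cookie_request(LOGOUT, token)
    return basic_auth_request("/", header)[0], cookie_request("/", token)[0]

if __name__ == "__main__":
    print(replay_after_logout())
```

With HTTP authentication the outcome after logout depends on whether the browser keeps replaying its cached `Authorization` header; with a server-side session the old cookie is rejected whatever the browser does.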
     