- Steps to reproduce the issue: Tenant subdomain logout is not working. Tenant stays logged in always:
116 Answer(s)
-
0
- In ABP Framework, especially in multi-tenant subdomain scenarios, logout issues can occur if the session or authentication cookies are not properly invalidated across subdomains. This can result in users remaining logged in even after attempting to log out.
To address this, ensure the following in your solution:
- Cookie Domain Configuration
  Set the authentication cookie domain to a common parent domain (e.g., `.yourdomain.com`) so that cookies are shared and invalidated across all subdomains (including tenant subdomains).
  In your AuthServer and MVC projects, configure the cookie options:

  ```csharp
  services.ConfigureApplicationCookie(options =>
  {
      options.Cookie.Domain = ".yourdomain.com"; // Use your actual domain
  });
  ```
- Logout Endpoint and Session Termination
  Ensure that the logout endpoint invalidates the authentication session and removes cookies both on the server and client side.
  ABP's default logout may not always clear cookies for all subdomains. You may need to explicitly clear cookies with the correct domain and path.
- Cross-Subdomain Logout
  If you are using OpenIddict or IdentityServer, ensure the `post_logout_redirect_uri` and allowed logout URLs are correctly set for all subdomains in your client configuration.
- Known Issue
  There is a known issue in ABP regarding insufficient session termination on logout, which can cause the session to persist:
  - See: ABP Penetration Test Report: Insufficient Session Termination
  - Track status: [GitHub Issue #19576](https://github.com/abpframework/abp/issues/19576)
- Browser Cache and Cookie Path
  Make sure the browser is not caching authentication state and that the cookie path is set to `/` to cover all routes.
- Testing
  After making these changes, clear your browser cookies and test logout from different subdomains to ensure the session is properly terminated.
Sources:
- ABP Penetration Test Report: Insufficient Session Termination
- GitHub Issue: Insufficient Session Termination
- ABP Blazor Multi-Tenant Subdomain Resolution
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
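Why the expiry cookie sent at logout has to carry the same Domain and Path as the cookie set at login, shown with a simplified model of browser cookie storage (RFC 6265, section 5.3). This is an added example, not part of the answer above or of ABP's code; the host names, the cookie name, and the `CookieJar` and `logoutScenario` helpers are constructed for illustration.

```javascript
// Simplified model of browser cookie storage (RFC 6265, section 5.3).
// Hosts, cookie name and helper names are constructed for this example.
const AUTH = "auth_cookie"; // assumed name, not ABP's actual cookie name

function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  return requestPath.startsWith(cookiePath) &&
    (cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/");
}

class CookieJar {
  constructor() { this.store = new Map(); }

  // Apply one Set-Cookie received in a response from requestHost.
  // Simplification: Path defaults to "/" instead of the request's directory.
  setCookie(requestHost, { name, value, domain, path = "/", maxAge }) {
    const hostOnly = domain === undefined;
    // A Domain attribute loses its leading dot; without one the cookie is host-only.
    const cookieDomain = hostOnly ? requestHost : domain.replace(/^\./, "").toLowerCase();
    if (!domainMatches(requestHost, cookieDomain)) return false; // foreign Domain is rejected
    // Stored cookies are identified by name + domain + path.
    const key = [name, cookieDomain, path].join("|");
    if (maxAge !== undefined && maxAge <= 0) return this.store.delete(key);
    this.store.set(key, { name, value, domain: cookieDomain, path, hostOnly });
    return true;
  }

  // Names of the cookies attached to a request for host and path.
  cookiesFor(host, path = "/") {
    return [...this.store.values()]
      .filter(c => (c.hostOnly ? c.domain === host : domainMatches(host, c.domain)))
      .filter(c => pathMatches(path, c.path))
      .map(c => c.name);
  }
}

// Login sets a parent-domain cookie; logout sends an expiry with deleteAttrs.
// Returns true when the tenant subdomain is still authenticated afterwards.
function logoutScenario(deleteAttrs) {
  const jar = new CookieJar();
  const tenant = "tenant1.yourdomain.com";
  jar.setCookie(tenant, { name: AUTH, value: "ticket", domain: ".yourdomain.com", path: "/" });
  jar.setCookie(tenant, { name: AUTH, value: "", maxAge: 0, ...deleteAttrs });
  return jar.cookiesFor(tenant).includes(AUTH);
}
```

An expiry sent without a Domain attribute, or with a different Path, targets a different stored cookie, so the parent-domain cookie survives and the tenant subdomain stays signed in.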
-
0
Cross-Subdomain Logout If you are using OpenIddict or IdentityServer, ensure the post_logout_redirect_uri and allowed logout URLs are correctly set for all subdomains in your client configuration. ?
-
0
Tenant subdomain login is not showing login screen, logging in automatically. Logout is not working as well
This issue is seen in 9.2.3 version. It worked fine in 9.0.4 version
Without tenant subdomain, login and logout working fine
-
0
hi
Can you share some screenshots and all the website's debug logs?
https://abp.io/support/questions/8622/How-to-enable-Debug-logs-for-troubleshoot-problems
liming.ma@volosoft.com Thanks.
-
0
yes.. working on this
-
0
Ok
-
0
It worked only first time when I try to login to tenant it asks for user name /pwd. Logout did not work. When trying to Logout from tenant, getting error: **[Error] SessionId is null. It's not possible to revoke the session during sign out.**
Host user can login/logout fine. Only Tenant user logout has issue.
We use OpenIdDict, tenantsubdomain
-
0
hi
Can you share some screenshots and all the website's debug logs?
https://abp.io/support/questions/8622/How-to-enable-Debug-logs-for-troubleshoot-problems
liming.ma@volosoft.com Thanks.
-
0
sending you the file. Please let me know if you could get it.
-
0
hi
You shared the `har` file. Can you also share the debug logs? See https://abp.io/support/questions/8622/How-to-enable-Debug-logs-for-troubleshoot-problems
Thanks.
-
0
Try now, weblogs are shared. Thank you, Sudha
-
0
do you need other logs ?
-
0
hi
The error is `AmbiguousMatchException: The request matched multiple endpoints`
Can you share the code of `CustomLogout` page?
Thanks.

```
2025-08-01 14:06:22.116 -05:00 [INF] Request starting HTTP/2 GET https://cpattest.auth.cpat.com:44346/CustomLogout - null null
2025-08-01 14:06:22.162 -05:00 [ERR] An unhandled exception has occurred while executing the request.
Microsoft.AspNetCore.Routing.Matching.AmbiguousMatchException: The request matched multiple endpoints. Matches:
TMS_MVC.Web.Controllers.AccountController.LoginAsync (TMS_MVC.Web)
TMS_MVC.Web.Controllers.AccountController.LogoutAsync (TMS_MVC.Web)
TMS_MVC.Web.Controllers.AccountController.Logout (TMS_MVC.Web)
TMS_MVC.Web.Controllers.AccountController.AccessDeniedAsync (TMS_MVC.Web)
TMS_MVC.Web.Controllers.AccountController.ChallengeAsync (TMS_MVC.Web)
TMS_MVC.Web.Controllers.AccountController.FrontChannelLogoutAsync (TMS_MVC.Web)
TMS_MVC.Web.Controllers.AccountController.ImpersonateUserAsync (TMS_MVC.Web)
TMS_MVC.Web.Controllers.AccountController.DelegatedImpersonateAsync (TMS_MVC.Web)
TMS_MVC.Web.Controllers.AccountController.BackToImpersonatorAsync (TMS_MVC.Web)
TMS_MVC.Web.Controllers.AccountController.ImpersonateTenantAsync (TMS_MVC.Web)
   at Microsoft.AspNetCore.Routing.Matching.DefaultEndpointSelector.ReportAmbiguity(Span`1 candidateState)
   at
2025-08-01 14:06:22.199 -05:00 [INF] Request finished HTTP/2 GET https://cpattest.auth.cpat.com:44346/CustomLogout - 500 null text/html; charset=utf-8 83.1091ms
```
-
0
oh that code, I deleted it. Let me clean logs and resend you.
-
0
ok, reproduce the error and share logs.txt again.
Remember to set the log level to debug
https://abp.io/support/questions/8622/How-to-enable-Debug-logs-for-troubleshoot-problems
Thanks.
-
0
I changed log like below:

```csharp
Log.Logger = new LoggerConfiguration()
    .MinimumLevel.Debug()
    .MinimumLevel.Override("Microsoft.EntityFrameworkCore", LogEventLevel.Warning)
    .MinimumLevel.Override("OpenIddict", LogEventLevel.Verbose)
    .Enrich.FromLogContext()
    .WriteTo.Async(c => c.File("Logs/logs.txt"))
    .WriteTo.Async(c => c.Console())
    .CreateBootstrapLogger();
```

You got new file
-
0
sent you auth server logs. Will send you api logs as well
-
0
hi
When trying to Logout from tenant, getting error:
Is there anything else other than this error log?
Does it break any functionality?
Thanks.
-
0
We have subdomain tenant. When I logout from tenant, it is not working. Tenant stays logged in always.
That's when we saw this error "SessionId is null. It's not possible to revoke the session during sign out."
-
0
Create Tenant -> Login -> Login screen comes up -> I login all good
Logout this tenant -> Does not work, i.e. next time try to login, it is already logged in. It does not ask for user name/password
-
0
hi
Can you share an online website?
Thanks.
-
0
This code is not deployed yet. We are using 9.0.4 volo version and it is working fine. We need to fix this issue to deploy the project using 9.2.3. https://dev.appraoch.cpat.dev (Working with 9.0.4)
-
0
How can I revoke session logic from the project ?
-
0
hi
Your current error is unrelated to the session.
I think it's about the subdomain and cookies.
Can you publish it online temporarily? After I've checked, you can stop it.
Or how can I reproduce it in my local?
Thanks.
-
0
Let me try to publish tomorrow. Now my team is offline. I will ping you tomorrow after I can publish it.
I do not know if you can duplicate with the sample. You can try as well. We have subdomain tenant. Login to tenant and cannot logout from tenant. For example: cpattest.dev.approach.cpat.dev -> login -> we ask for user name/pwd -> logout -> next time from landing page try to login -> it is always logged in. It will not ask for user name/pwd. If you login to host -> logout and login again working fine.
What are the areas, I need to debug ? Should I change any code in Auth server ?
Thank you, Sudha