Hi @sumeyye.kurtulus.
I have removed our custom code in the app.component.ts trying to isolate the problem.
Below are the references to this version of app.component.ts and route.provider.ts.
The behavior is a bit different now: there is no Antiforgery token exception. But the passive second tab remains intact while a user is being logged in in the first tab. And after I try to log in manually from there, there is a cyclical re-login process in BOTH tabs being started.
I would like to drill down to find the root cause. But so far I have no clue - as you can see this is not a permissions issue, I have removed our custom permission guards. Should I share some other files, e.g. HTTP interceptors?
https://drive.google.com/file/d/11YMuPWKR2Cpl5hILjp729QnwsEmJee_3/view?usp=sharing https://drive.google.com/file/d/11Z0YjrwSvSHsypdHfEF7j84-SzC3CiMM/view?usp=sharing
I've tried your approach. The behaviour has now changed. And when I try to log in from the second tab after I have already logged in from the first, I now see a cyclical process of re-logging in both tabs that never ends.
Also, I do not think it is a good idea to turn off Antiforgery.
So I'd prefer to wait until this multitab login problem is fixed in ABP, as your colleagues have already mentioned.
@maliming sorry - for some reason the log really did not contain the exceptions. I made a fresh test and prepared the logs of both OpenID server and AppServer. The latter one might be non-relevant, it just shows how requests try to access the back-end even after the logout (and getting non-authorized exception) - I did not manage to find the way to unsubscribe properly: https://drive.google.com/file/d/11InoAogKz83idmrKcEdvbp9Eciw6VE2u/view?usp=sharing https://drive.google.com/file/d/11JSdq3tG2jq8RizV0_MTdwiwVXz5Hc8_/view?usp=sharing
You can consider disabling the anti-forgery check for the logout endpoint.
Can you share the logs.txt file? I will check and share the code to disable it.
https://drive.google.com/file/d/11InoAogKz83idmrKcEdvbp9Eciw6VE2u/view?usp=sharing
I do not know what exactly could cause such a discrepant behavior in our solution (i.e. why "tab-2 is not notified about the token update" if it is expected to do so). We do not have any specific code handling AntiForgery token - neither on front-end, nor on back-end side.
For this reason, I have no idea which part of code I should share (I am not allowed to share the solution). I am sharing a couple of files which might be relevant:
Also, I want to inform you the OpenID server log does not contain any errors or exceptions. https://drive.google.com/file/d/11GlNoSNzpZ-DPH8Wa_i2PSN-EASfRIp4/view?usp=sharing https://drive.google.com/file/d/11I0kgnxmXnlfYm7Ojh8nf3zIKBQKFTMU/view?usp=sharing
Maybe there is the way to track down the mentioned issue in some way?
It does not work, because in my case, this code is triggered only when I am being logged out, not when I am being logged in.
In other words, visually the behavior of login process is the same as I have already described:
const tokenRemoved = event.newValue === null; line is invoked. The location.assign part is executed and I am logged out in both Tab 1 and Tab 2 and landed on the Login page of my OpenID server in both tabs;
const tokenRemoved = event.newValue === null; is not invoked. I get error 400 as previously mentioned;
Hi.
I wish I knew how to properly refresh an Antiforgery token in ABP solution.
By this moment, I have only noticed that this token is present as a hidden field in OpenID server login page.
But my guess is that it's too late to affect it there unless I am going to modify an OpenID login page directly with some js injection...
This time, I have run the code you suggested in ABP test solution. Surprisingly, I have found the discrepancy between the way your code behaves in ABP test solution and our solution:
Why your code behaves differently for both solutions - I have no idea. However, I am not allowed to share our project - I can only base on your suggestions if any.
I have tried this approach and it does not work: I am still getting error 400 in the second tab when trying to log in after the user has been logged in the first tab. So I'd better wait for the consistent and tested solution from your side.
I cannot find where I should reference LocalStorageListenerService from... Expected @abp/ng.core, but it is not there.