Not able to logout and login after embedding Dashboard #33053

Open
3 tasks done
devyash786 opened this issue Apr 9, 2025 · 2 comments
Labels
authentication Related to authentication embedded

Bug description

I was using my backend to give the guest token to the frontend,
but I was getting
"error": "{"errors": [{"message": "400 Bad Request: The CSRF session token is missing.", "error_type": "GENERIC_BACKEND_ERROR", "level": "error", "extra": {"issue_codes": [{"code": 1011, "message": "Issue 1011 - Superset encountered an unexpected error."}]}}]}"

Then I used CookieSession to maintain a session,
but after enabling this I am not able to log out of my Superset.
I have implemented OAuth using Azure.

Screenshots/recordings

No response

Superset version

master / latest-dev

Python version

3.9

Node version

16

Browser

Chrome

Additional context

No response

Checklist

  • I have searched Superset docs and Slack and didn't find a solution to my problem.
  • I have searched the GitHub issue tracker and didn't find a similar bug report.
  • I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.

dosubot bot added the authentication (Related to authentication) and embedded labels on Apr 9, 2025

dosubot bot commented Apr 9, 2025

I found some similar threads that might be helpful:

  1. 400 Bad Request: The CSRF session token is missing. - This discussion is open and might provide insights into handling CSRF token issues.

  2. Superset redirecting to login page very Frequently - This is another open discussion that could be relevant if you're experiencing frequent redirects.

  3. [QA][superset & keycloak] flask_wtf.csrf.CSRFError: 400 Bad Request: The CSRF token is missing. - This open discussion also deals with CSRF token issues.

To resolve the issue of not being able to logout after implementing OAUTH with Azure and using CookieSession, ensure that the CSRF token is properly fetched and included in the headers for requests that require it. Here are some steps you can follow:

  1. Ensure that the getCSRFToken() method is called before the logout request to fetch and set the CSRF token in the headers.

  2. Verify that the CSRF token is included in the headers of the logout request. The headers should include 'X-CSRFToken': this.csrfToken.

  3. Check if the session is properly maintained and that the CSRF token is not being cleared or invalidated prematurely [1].

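An added example, not code from this thread or from the Superset project: a backend that requests a guest token gets "The CSRF session token is missing." when the session cookie set by `csrf_token/` is not sent back with the `X-CSRFToken` header, and succeeds once both calls share one cookie jar. The paths under `/api/v1/security` are Superset's REST endpoints; the stub server, credentials, tokens and dashboard id are constructed placeholders.

```python
import json, threading, urllib.error, urllib.request
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer

class StubSuperset(BaseHTTPRequestHandler):  # constructed stand-in, not Superset code
    log_message = lambda *args: None  # keep the demo quiet
    def _reply(self, code, body, cookie=None):
        self.send_response(code)
        if cookie:
            self.send_header("Set-Cookie", cookie)
        self.end_headers()
        self.wfile.write(json.dumps(body).encode())
    def do_GET(self):  # csrf_token/: the token lives in the session this cookie names
        self._reply(200, {"result": "csrf-demo"}, "session=s1; Path=/")
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if self.path.endswith("/login"):
            return self._reply(200, {"access_token": "jwt-demo"})
        if "session=s1" not in self.headers.get("Cookie", ""):  # no session, nothing to compare
            return self._reply(400, {"message": "The CSRF session token is missing."})
        if self.headers.get("X-CSRFToken") != "csrf-demo":
            return self._reply(400, {"message": "The CSRF tokens do not match."})
        self._reply(200, {"token": "guest-demo"})

def call(opener, url, body=None, headers=None):
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data, {"Content-Type": "application/json", **(headers or {})})
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)

def guest_token(base, keep_cookies):
    jar = [urllib.request.HTTPCookieProcessor(CookieJar())] if keep_cookies else []  # shared jar
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}), *jar)  # no proxy
    creds = {"username": "svc", "password": "constructed", "provider": "db", "refresh": True}
    auth = {"Authorization": "Bearer " + call(opener, base + "/login", creds)[1]["access_token"]}
    csrf = call(opener, base + "/csrf_token/", headers=auth)[1]["result"]
    payload = {"user": {"username": "viewer"}, "resources": [{"type": "dashboard", "id": "PLACEHOLDER"}], "rls": []}
    return call(opener, base + "/guest_token/", payload, {**auth, "X-CSRFToken": csrf})

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubSuperset)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d/api/v1/security" % server.server_port
    results = guest_token(base, False), guest_token(base, True)  # without jar, with jar
    server.shutdown()
    return results

if __name__ == "__main__": print(demo())
```
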

rusackas (Member) commented Apr 9, 2025

Is this effectively a duplicate of your CSRF issue from just yesterday?
