Web: Fix not being able to logout from session invalidation error (#4…

…2470) (#42654)
gravitational · Jun 11, 2024 · 29e2b14 · 29e2b14
1 parent d6e91a5
commit 29e2b14
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 8 deletions.
diff --git a/lib/web/apiserver.go b/lib/web/apiserver.go
@@ -2162,7 +2162,17 @@ func (h *Handler) deleteWebSession(w http.ResponseWriter, r *http.Request, _ htt
 
 func (h *Handler) logout(ctx context.Context, w http.ResponseWriter, sctx *SessionContext) error {
 	if err := sctx.Invalidate(ctx); err != nil {
-		return trace.Wrap(err)
+		h.log.
+			WithError(err).
+			WithField("user", sctx.GetUser()).
+			Warn("Failed to invalidate sessions")
+	}
+
+	if err := h.auth.releaseResources(sctx.GetUser(), sctx.GetSessionID()); err != nil {
+		h.log.
+			WithError(err).
+			WithField("session_id", sctx.GetSessionID()).
+			Debug("sessionCache: Failed to release web session")
 	}
 	clearSessionCookies(w)
 

diff --git a/lib/web/sessions.go b/lib/web/sessions.go
@@ -873,14 +873,8 @@ func (s *sessionCache) invalidateSession(ctx context.Context, sctx *SessionConte
 	}); err != nil && !trace.IsNotFound(err) {
 		sessionDeletionErrs = errors.Join(sessionDeletionErrs, err)
 	}
-	if sessionDeletionErrs != nil {
-		return trace.Wrap(sessionDeletionErrs)
-	}
 
-	if err := s.releaseResources(sctx.GetUser(), sctx.GetSessionID()); err != nil {
-		return trace.Wrap(err)
-	}
-	return nil
+	return trace.Wrap(sessionDeletionErrs)
 }
 
 func (s *sessionCache) getContext(key string) (*SessionContext, bool) {