- Issue created by @jurgenr
When redirecting after authentication, the checked_logged_in variable is not properly deleted from the Session object.
This causes an error message when logging out: 'To log in to this site, your browser must accept cookies from the domain ...'.
Add an URL other than the homepage on 'Redirect URL after user login' in the settings page (/admin/config/people/miniorange_2fa/login_settings).
Log in with 2FA
Log out, the user is redirected to the homepage, with querystring 'check_logged_in=1'. The error message is rendered.
In miniorange_authenticate.php a new RedirectResponse is initialised. However, the redirect is followed by an exit, which terminates any other services.
This causes the RedirectResponse to be handled as a HTMLResponse, which is since 10.3.3 unhandled by the protected function getUserFromSession(SessionInterface $session) method from Drupal\user\Authentication\Provider\Cookie.
Is there a specific reason to terminate the code after the sending the RedirectResponse?
Active
5.1
Code