Role required error after logout
Application Type
Reactive
Service Studio Version
11.12.6 (Build 51684)

Hi,

I'm getting a security exception error after logging out. When logging out, the user gets redirected to the login page, and after that the global exception handler kicks in and says that a certain role is required. Of course, if the application checks for a role, it throws an exception. But I don't understand why the application is checking for a role, and on which screen. My guess is my home screen, since it doesn't include the anonymous and registered role.

Below is an image of the logout action and the global exception handler.


We don't check manually for roles in the application. Only through screens.

We also have all roles checked on the login screen.

Also, I noticed that we've set Log Error to False on the security exception. But it's still logging to our log in OutSystems.


Regards,

Bo

2021-09-21 09-26-31
Aadhavan Shanmugam

Hi @Bo Menick,

Anonymous and Registered roles are not mandatory when you are using any custom-defined role.

Are you using SSO to log in?

Attach your OML to check further.

Bo Menick

Hi Aadhavan,

Yes, we are using SSO to log in. And it's not possible for us to share our OML. So that's why I tried to replicate it on a different module, but that didn't work. I will try it once more today or tomorrow.

2020-09-21 11-35-56
Sachin Waghmare

Hello Bo,

Did you look into the error logs in Service Center? Please see if there is anything logged related to this issue. Also, try to debug and check the flow of your code after logout and see if you find anything wrong there. Kindly refer to the link below as well for the Security exception.

https://success.outsystems.com/Documentation/11/Developing_an_Application/Implement_Application_Logic/Handle_Exceptions?

And found another post related to your problem.

https://www.outsystems.com/forums/discussion/64852/regarding-user-exception/

Thanks & Kind Regards,

Sachin

Bo Menick

Hi Sachin,

Yes, I did look into the error logs and I can see it came from our homescreen and a webblock called ValidateSession which validates a custom session.

This webblock has been added to every layout because we need to check on every screen if a custom user has a valid session. If not, the custom user needs to be logged out. The webblock does not contain any input parameters, but instead it uses a client variable that holds the session value. The webblock just looks into the database entity if the session exists and if not, the custom user gets logged out and throws an error "Invalid Session" in the OnAfterFetch event. This webblock is only for custom users and thus is not included in the layout if it is an OS user. (Like in my case) I checked if the webblock in a weird way just loaded in, but it didn't.

I also debugged it yesterday step-by-step, but the problem with that is that I cannot find out what is causing the Global Exception handler to get hit, because when debugging step-by-step, right after the navigation to the login screen the global exception handler gets hit. (The first images display the navigation to the login screen and the exception.)

This only happens when logging out with an OutSystems user. Not with a custom user.

Could it be that the homescreen gets refreshed after logging out and that the global exception handler gets triggered because it sees that I don't have any roles anymore? And right after triggering the global exception the navigation happens?

Regards,

Bo
