Persistent failure_redirect_url

[SBurina]

TITLE:

Persistent failure_redirect_url​

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:

Plesk Onyx Version 17.5.3 Update #4, Debian 8, x86_64​

PROBLEM DESCRIPTION:

Hello!


I'm using the API to create a session and redirect the user from our site to Plesk panel. After the user logs out from Plesk and gets redirected back to the site, every subsequent attempt to access any Plesk page automatically redirects to the URL given initially in failure_redirect_url.

The only way to stop this behavior is to manually delete cookie(s) from the browser.​

STEPS TO REPRODUCE:

- Redirect the browser to Plesk panel using the session id obtained via the API call;
- Logout from Plesk; the browser is returned to the original page;
- Enter the Plesk URL manually in the address bar and try to access Plesk​

ACTUAL RESULT:

The browser is persistently redirected to the URL stored in the failure_redirect_url cookie.​

EXPECTED RESULT:

Plesk page should be shown in the browser.​

ANY ADDITIONAL INFORMATION:

​

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:

Help with sorting out​

 

[UFHH01]

Report already created => sw-cp-server "error_page 497" non-SSL to SSL redirect disfunctional in Plesk Onyx 17.5

Working work-around provided: => #30

 

[SBurina]

Hello!

I have implemented the proposed solution, but it did not solve the described problem.

After logging out from plesk, valid cookies "failure_redirect_url" and "failure_redirect_url_sign" still exist in the browser (they are not deleted or invalidated), but the session has been ended.

Every subsequent attempt to access Plesk directly results in redirection to the URL saved in "failure_redirect_url" cookie. Access to Plesk is possible only after the two cookies are manually removed from the browser storage.

Access to Plesk _is_ possible from another browser window or tab as long as the user stays logged in, that is, as long as the session created by API call is active.