starred/cloudbeaver

Fork 0

mirror of https://github.com/dbeaver/cloudbeaver.git synced 2026-04-25 21:56:01 +03:00

[GH-ISSUE #3811] Change user session when using reverse proxy login #1328

New issue

Closed

opened 2026-03-07 21:02:28 +03:00 by kerem · 5 comments

kerem commented

2026-03-07 21:02:28 +03:00

Owner

Originally created by @leminh1545 on GitHub (Oct 8, 2025).
Original GitHub issue: https://github.com/dbeaver/cloudbeaver/issues/3811

08-10-2025 08:13:34.752 [qtp1137401656-256] DEBUG i.c.server.graphql.GraphQLEndpoint - API > openSession [user: testadmin@ngs.com, sessionId: 45eaf9a5-e9dc-410d-9006-ebf9fde6a2a4]
08-10-2025 08:13:34.754 [qtp1137401656-256] DEBUG i.c.service.auth.RPSessionHandler - Attempting to authenticate user 'testcb1@ngs.com' with teams [admin] through reverse proxy
08-10-2025 08:13:34.757 [qtp1137401656-90] DEBUG i.c.server.graphql.GraphQLEndpoint - API > navNodeChildren [user: testadmin@ngs.com, sessionId: a000fcdc-d930-4c7d-9039-41e214219c39]
08-10-2025 08:13:34.759 [qtp1137401656-256] DEBUG i.c.service.auth.RPSessionHandler - Successful reverse proxy authentication: user 'testcb1@ngs.com' with teams [admin]
08-10-2025 08:13:34.985 [qtp1137401656-51] DEBUG i.c.s.websockets.CBEventsWebSocket - EventWebSocket connected to the tbvsfigibqe7jxr5540bmdmg39 session
08-10-2025 08:13:34.996 [qtp1137401656-250] DEBUG i.c.server.graphql.GraphQLEndpoint - API > navGetStructContainers [user: testadmin@ngs.com, sessionId: a000fcdc-d930-4c7d-9039-41e214219c39]

Hi @EvgeniaBzzz,

I'm facing an issue when embebding cloudbeaver community through iframe into my web and login user by reverse proxy. On the web console, when I logout the old user (testadmin) and login the new user (testcb) but user session doesn't change and processing with old session.

I'm trying call logout request to cloudbeaver backend when logout user in my web but have problem with cb-session-id share site.

How can I slove it?

Originally posted by @leminh1545 in #3781

Originally created by @leminh1545 on GitHub (Oct 8, 2025). Original GitHub issue: https://github.com/dbeaver/cloudbeaver/issues/3811 > ``` > 08-10-2025 08:13:34.752 [qtp1137401656-256] DEBUG i.c.server.graphql.GraphQLEndpoint - API > openSession [user: testadmin@ngs.com, sessionId: 45eaf9a5-e9dc-410d-9006-ebf9fde6a2a4] > 08-10-2025 08:13:34.754 [qtp1137401656-256] DEBUG i.c.service.auth.RPSessionHandler - Attempting to authenticate user 'testcb1@ngs.com' with teams [admin] through reverse proxy > 08-10-2025 08:13:34.757 [qtp1137401656-90] DEBUG i.c.server.graphql.GraphQLEndpoint - API > navNodeChildren [user: testadmin@ngs.com, sessionId: a000fcdc-d930-4c7d-9039-41e214219c39] > 08-10-2025 08:13:34.759 [qtp1137401656-256] DEBUG i.c.service.auth.RPSessionHandler - Successful reverse proxy authentication: user 'testcb1@ngs.com' with teams [admin] > 08-10-2025 08:13:34.985 [qtp1137401656-51] DEBUG i.c.s.websockets.CBEventsWebSocket - EventWebSocket connected to the tbvsfigibqe7jxr5540bmdmg39 session > 08-10-2025 08:13:34.996 [qtp1137401656-250] DEBUG i.c.server.graphql.GraphQLEndpoint - API > navGetStructContainers [user: testadmin@ngs.com, sessionId: a000fcdc-d930-4c7d-9039-41e214219c39] > ``` > Hi @EvgeniaBzzz, > > I'm facing an issue when embebding cloudbeaver community through iframe into my web and login user by reverse proxy. On the web console, when I logout the old user (testadmin) and login the new user (testcb) but user session doesn't change and processing with old session. > > I'm trying call logout request to cloudbeaver backend when logout user in my web but have problem with cb-session-id share site. > > How can I slove it? _Originally posted by @leminh1545 in [#3781](https://github.com/dbeaver/cloudbeaver/issues/3781#issuecomment-3380371304)_

kerem

2026-03-07 21:02:28 +03:00

closed this issue
added the
xf:authentication
label

kerem commented

2026-03-07 21:02:29 +03:00

Author

Owner

@leminh1545 commented on GitHub (Oct 22, 2025):

I realize that the session need to be call logout from cloudbeaver web not straight to cloudbeaver backend so that log out the current user session. Therefor, I can control it from my system web by post-message to cloudbeaver web to log out user, so this problem has been resolved.

@leminh1545 commented on GitHub (Oct 22, 2025): I realize that the session need to be call logout from cloudbeaver web not straight to cloudbeaver backend so that log out the current user session. Therefor, I can control it from my system web by post-message to cloudbeaver web to log out user, so this problem has been resolved.

kerem commented

2026-03-07 21:02:29 +03:00

Author

Owner

@EvgeniaBzzz commented on GitHub (Oct 22, 2025):

Thanks for the update

@EvgeniaBzzz commented on GitHub (Oct 22, 2025): Thanks for the update

kerem commented

2026-03-07 21:02:30 +03:00

Author

Owner

@tyuhasbio5 commented on GitHub (Nov 6, 2025):

Hi @leminh1545 , we're using a home-made reverse proxy setup with nginx and are running into the same issue as you did with a new login bringing up the previous login's session. We are using Logout from the CloudBeaver web interface but are unsure what the endpoint for logout-url needs to happen for the session to end. If you wouldn't mind going a bit more into "by post-message to cloudbeaver web to log out user"? Thanks!

@tyuhasbio5 commented on GitHub (Nov 6, 2025): Hi @leminh1545 , we're using a home-made reverse proxy setup with nginx and are running into the same issue as you did with a new login bringing up the previous login's session. We are using Logout from the CloudBeaver web interface but are unsure what the endpoint for logout-url needs to happen for the session to end. If you wouldn't mind going a bit more into "by post-message to cloudbeaver web to log out user"? Thanks!

kerem commented

2026-03-07 21:02:30 +03:00

Author

Owner

@leminh1545 commented on GitHub (Nov 7, 2025):

Hi @tyuhasbio5, I can provide for you as below:
To logout Cloudbeaver user session you need to call log-out api like this or use Cloudbeaver method if you could, but need to do on Cloudbeaver FE by including session information (credentials: "include")

async function logoutCloudbeaver(token) {
    try {
      const resp = await fetch("/api/gql", {
        method: "POST",
        credentials: "include",
        headers: {
          "Content-Type": "application/json",
          //"Authorization": `Bearer ${token}`,
        },
        body: JSON.stringify({
          query: `
            query authLogout(
              $provider: ID,
              $configuration: ID
            ) {
              authLogout(
                provider: $provider,
                configuration: $configuration
              )
            }
          `,
          variables: {},
          operationName: "authLogout"
        }),
      });

      console.log("[CB-LOGOUT] Fetch completed, status:", resp.status);

      if (!resp.ok) {
        console.error("[CB-LOGOUT] Logout failed:", resp.status, await resp.text());
        return;
      }

      const json = await resp.json();
      window.location.reload();
    } catch (error) {
      console.error("[CB-LOGOUT] Network or fetch error:", error);
    }
  }
}

With our system, we have built the main web with a domain https://... and Cloudbeaver web to another domain, then embbebed Cloudbeaver FE web by using Iframe Embbeding. So, our post-message method is sending a signal from the main web to Cloudbeaver FE web to log-out the current user login via reverse-proxy. Code as below:

function notifyCloudBeaverLogout() {
  return new Promise((resolve) => {
    const iframe = document.getElementById("cloudbeaver-iframe");
    if (!iframe || !iframe.contentWindow) {
      resolve(false);
      return;
    }

    iframe.contentWindow.postMessage(
      { type: "CLOUDBEAVER_LOGOUT" },
      "https://cloudbeaver-dev...."
    );

    console.log("postMessage sent!");
    setTimeout(() => resolve(true), 50);
  });
}

@leminh1545 commented on GitHub (Nov 7, 2025): Hi @tyuhasbio5, I can provide for you as below: To logout Cloudbeaver user session you need to **call log-out api** like this or use Cloudbeaver method if you could, but need to do on Cloudbeaver FE by including session information (**credentials: "include"**) ``` async function logoutCloudbeaver(token) { try { const resp = await fetch("/api/gql", { method: "POST", credentials: "include", headers: { "Content-Type": "application/json", //"Authorization": `Bearer ${token}`, }, body: JSON.stringify({ query: ` query authLogout( $provider: ID, $configuration: ID ) { authLogout( provider: $provider, configuration: $configuration ) } `, variables: {}, operationName: "authLogout" }), }); console.log("[CB-LOGOUT] Fetch completed, status:", resp.status); if (!resp.ok) { console.error("[CB-LOGOUT] Logout failed:", resp.status, await resp.text()); return; } const json = await resp.json(); window.location.reload(); } catch (error) { console.error("[CB-LOGOUT] Network or fetch error:", error); } } } ``` With our system, we have built the main web with a domain https://... and Cloudbeaver web to another domain, then embbebed Cloudbeaver FE web by using Iframe Embbeding. So, our **post-message method** is sending a signal from the main web to Cloudbeaver FE web to log-out the current user login via reverse-proxy. Code as below: ``` function notifyCloudBeaverLogout() { return new Promise((resolve) => { const iframe = document.getElementById("cloudbeaver-iframe"); if (!iframe || !iframe.contentWindow) { resolve(false); return; } iframe.contentWindow.postMessage( { type: "CLOUDBEAVER_LOGOUT" }, "https://cloudbeaver-dev...." ); console.log("postMessage sent!"); setTimeout(() => resolve(true), 50); }); } ```

kerem commented

2026-03-07 21:02:30 +03:00

Author

Owner

@tyuhasbio5 commented on GitHub (Nov 7, 2025):

Thanks @leminh1545 ! This is extremely helpful as so far everything we tried did not log a user out from the CB session

@tyuhasbio5 commented on GitHub (Nov 7, 2025): Thanks @leminh1545 ! This is extremely helpful as so far everything we tried did not log a user out from the CB session

kerem referenced this issue

2026-03-07 21:08:51 +03:00

[PR #1328] [MERGED] CB-2905 load projects info on form init #2418