
Logout fails in Turbogears 2.2.2

I have an app written in TG 2.2.2 with default authentication. For the last few days, I have had a problem with logging in and out. In Safari, two authtkt cookies are created, one as "beta.domain.com", the other as ".beta.domain.com". After calling /logout_handler, only the cookie for domain "beta.domain.com" is deleted, but the one for the wild domain remains. So after reloading the page, the user is still logged in. The problem occurs on localhost as well as on production.

Interestingly, another application on the same lib version works normally, and this one works in other browsers as well; no virtualenv is used.

I really don't know where the problem is, so I will include any config file when requested. To begin with, app_config is included.

app_cfg.py

# -*- coding: utf-8 -*-
from tg.configuration import AppConfig

import cafeteria
from cafeteria import model
from cafeteria.lib import app_globals, helpers

base_config = AppConfig()
base_config.renderers = []
base_config.prefer_toscawidgets2 = True

base_config.package = cafeteria

base_config.renderers.append('json')

base_config.renderers.append('mako')
base_config.default_renderer = 'mako'

base_config.use_sqlalchemy = True
base_config.model = cafeteria.model
base_config.DBSession = cafeteria.model.DBSession
# Configure the authentication backend

# YOU MUST CHANGE THIS VALUE IN PRODUCTION TO SECURE YOUR APP
base_config.sa_auth.cookie_secret = "SOMESECRET"

base_config.auth_backend = 'sqlalchemy'

from tg.configuration.auth import TGAuthMetadata

# This tells to TurboGears how to retrieve the data for your user
class ApplicationAuthMetadata(TGAuthMetadata):
    def __init__(self, sa_auth):
        self.sa_auth = sa_auth
    def get_user(self, identity, userid):
        return self.sa_auth.dbsession.query(self.sa_auth.user_class).filter_by(user_name = userid).first()
    def get_groups(self, identity, userid):
        return (identity['user'].group.name,) if identity['user'].group_id else []
    def get_permissions(self, identity, userid):
        return [p.name for p in identity['user'].group.permissions] if identity['user'].group_id else []


base_config.sa_auth.dbsession = model.DBSession
base_config.sa_auth.user_class = model.User
# base_config.sa_auth.group_class = model.Group
# base_config.sa_auth.permission_class = model.Permission

base_config.sa_auth.translations.group_name = 'name'
base_config.sa_auth.translations.permission_name = 'name'

base_config.sa_auth.authmetadata = ApplicationAuthMetadata(base_config.sa_auth)

# base_config.sa_auth.authenticators = [('myauth', SomeAuthenticator())]
# base_config.sa_auth.mdproviders = [('myprovider', SomeMDProvider())]

base_config.sa_auth.form_plugin = None
base_config.sa_auth.charset = 'utf-8'
base_config.sa_auth.post_login_url = '/post_login'
base_config.sa_auth.post_logout_url = '/post_logout'

tomis asked Dec 10 '14 10:12


1 Answer

  1. Remove all cookies of your domain. When you change your domain, old cookies still remain and could cause this issue.
  2. Why do you use both beta.domain.com and .beta.domain.com? If you don't need to use this cookie in subdomains, remove the 2nd one; otherwise just use .beta.domain.com.

If this doesn't help, please attach the request and response headers.

Ali Nikneshan answered Oct 24 '22 06:10
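
One way to check the response headers the answer asks for, as an added example that is not code from the question, the answer or TurboGears: it compares the Set-Cookie headers of the login and logout responses and lists every cookie scope that is still valid after logout. The header values are constructed samples, and the function names and the rule that host-only and Domain-scoped cookies are stored as separate entries (as the question reports for Safari) are assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header, request_host):
    """Return (storage_key, is_deletion) for one Set-Cookie header value."""
    first, *rest = [p.strip() for p in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    domain = attrs.get("domain", "").lstrip(".").lower()
    host_only = not domain  # no Domain attribute: cookie is bound to the exact host
    scope = domain or request_host.lower()
    path = attrs.get("path") or "/"  # simplification: real default derives from the request path
    if "max-age" in attrs:  # Max-Age takes precedence over Expires
        expired = int(attrs["max-age"]) <= 0
    elif "expires" in attrs:
        expired = parsedate_to_datetime(attrs["expires"]) <= datetime.now(timezone.utc)
    else:
        expired = False
    # Assumption: the browser keeps host-only and Domain-scoped cookies as separate entries.
    return (name, scope, host_only, path), expired

def surviving_cookies(login_headers, logout_headers, request_host):
    """Cookies set at login that the logout response does not expire."""
    live = set()
    for header in list(login_headers) + list(logout_headers):
        key, expired = parse_set_cookie(header, request_host)
        if expired:
            live.discard(key)
        else:
            live.add(key)
    return sorted(live)

# Constructed sample headers (not captured from the asker's application).
LOGIN = [
    'authtkt="constructed-ticket"; Path=/',
    'authtkt="constructed-ticket"; Domain=.beta.domain.com; Path=/',
]
LOGOUT = [
    'authtkt="INVALID"; Path=/; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT',
]

if __name__ == "__main__":
    for name, scope, host_only, path in surviving_cookies(LOGIN, LOGOUT, "beta.domain.com"):
        kind = "host-only" if host_only else "domain"
        print(f"still valid after logout: {name} ({kind} {scope}, path {path})")
```

Any entry in the result is a ticket the browser will keep sending after logout, so the logout response needs a matching expiring Set-Cookie for that exact name, scope and path.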