Streamlit-Authenticator - keyError on logout

I implemented auth support for the streamlit app based on the example - Streamlit-Authenticator, Part 1: Adding an authentication component to your app (exactly how it is.
and it is working … untill I decided to open two sessions with different usernames.
in that case, when I press logout button, i got the error

KeyError : "myapp_cookie"

the only difference, that I use sidebar to place the logout button.
Any recommendation how to fix that?

What version of streamlit-authenticator do you use?

streamlit-authenticator~=0.3.1

The error is caused by deleting a cookie (when users logged out) that was already deleted or not there anymore.

This is actually a weird bug, the steps are:

  1. User clicks the logout button
  2. The authenticator deletes the cookie for this particular session
  3. The cookie manager used by authenticator raises an exception KeyError telling the authenticator that the cookie was not there anymore, there is nothing to delete.

Was there a race condition?

This is a well known issue in github repo. For now you can bypass the error message with a try/except clause and continue the app’s execution. Rest assured that cookie is already deleted.

if st.session_state["authentication_status"]:
    try:
        authenticator.logout(location='main') 
    except KeyError:
        pass  # ignore it
    except Exception as err:
        st.error(f'Unexpected exception {err}')
        raise Exception(err)  # but not this, let's crash the app

Thank you! Yes, it fix the behavior with error displaying.
Lets have 2 users logged in. User_1 and User_2
If you logout under User_1 and refresh the page on User_2, User_2 will be logged out as well.
How can we be sure that sessions are different for each of users?

You may check Getting random_cookie_name error Β· Issue #134 Β· mkhorasani/Streamlit-Authenticator Β· GitHub
there are some discussions/solutions inside this post.

1 Like

thank you for the link!
funny story, problem was reported 3 years ago and still there …

Are the users on separate computers?

No. Same comp, same browser. Different pages.

That is expected because of same comp and browser. Although on different tabs or pages, they are using the same browser and there is only one cookie used by authenticator on that browser on that comp, so deleting the cookie would wipe out all the entries in that cookie.

However if you create a new profile window (say guest) on same comp and browser (using google chrome) logging out in one window will not affect the other user in another window. So this is truly a different browser session and cookies are not shared. The same behavior is shown by multiple google account log in.

BTW there is a new version of authenticator.

thanks, clear!

upgraded to latest auth and Hasher disappeared! didn’t find in changes note about.

AttributeError: module 'streamlit_authenticator' has no attribute 'Hasher'

to fix code to new structure, you have to use:

from streamlit_authenticator.utilities import hasher

I suppose, docs must be rewrote as well