From b0de5fa2c43ecb2a9dd6b23682f5147669d7fa7e Mon Sep 17 00:00:00 2001
From: Lisa Kim <lisa@goteleport.com>
Date: Tue, 11 Jun 2024 10:47:34 -0700
Subject: [PATCH] Web: Fix not being able to logout from session invalidation
 error (#42470) (#42655)

---
 lib/web/apiserver.go | 12 +++++++++++-
 lib/web/sessions.go  |  4 +---
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/lib/web/apiserver.go b/lib/web/apiserver.go
index 94fd57fa671d0..6bc651b45c5c6 100644
--- a/lib/web/apiserver.go
+++ b/lib/web/apiserver.go
@@ -2054,7 +2054,17 @@ func (h *Handler) deleteWebSession(w http.ResponseWriter, r *http.Request, _ htt
 
 func (h *Handler) logout(ctx context.Context, w http.ResponseWriter, sctx *SessionContext) error {
 	if err := sctx.Invalidate(ctx); err != nil {
-		return trace.Wrap(err)
+		h.log.
+			WithError(err).
+			WithField("user", sctx.GetUser()).
+			Warn("Failed to invalidate sessions")
+	}
+
+	if err := h.auth.releaseResources(sctx.GetUser(), sctx.GetSessionID()); err != nil {
+		h.log.
+			WithError(err).
+			WithField("session_id", sctx.GetSessionID()).
+			Debug("sessionCache: Failed to release web session")
 	}
 	ClearSession(w)
 
diff --git a/lib/web/sessions.go b/lib/web/sessions.go
index 73658b9e66a0c..d377528fa30e7 100644
--- a/lib/web/sessions.go
+++ b/lib/web/sessions.go
@@ -863,9 +863,7 @@ func (s *sessionCache) invalidateSession(ctx context.Context, sctx *SessionConte
 	if err := clt.DeleteUserAppSessions(ctx, &proto.DeleteUserAppSessionsRequest{Username: sctx.GetUser()}); err != nil {
 		return trace.Wrap(err)
 	}
-	if err := s.releaseResources(sctx.GetUser(), sctx.GetSessionID()); err != nil {
-		return trace.Wrap(err)
-	}
+
 	return nil
 }