Logout doesn't work

If the user clicks on the logout button, the cookie with the JWT should be deleted. Somehow it doesn't get deleted such that after the user navigates to another subpage he is logged in again.

added bug label

assigned to @daniel.goebel

By Daniel Göbel on 2022-12-13T10:37:17 (imported from GitLab)

The logout does work in a development environment on the local computer but fails in the staging environment.

Here is a comparison of the set-cookie header between the two environments

development: Set-Cookie: bearer=eyJhb...4gqwQ; Domain=localhost; Max-Age=11520; Path=/; SameSite=strict; Secure
staging: set-cookie: bearer=eyJhb...Vwmcc; Domain=s3proxy-staging.bi.denbi.de; Max-Age=11520; Path=/; SameSite=strict; Secure

The purpose of the particular attributes can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#attributes

By Daniel Göbel on 2022-12-21T17:20:19 (imported from GitLab)

The Path attribute in the set-cookie header can be modified to point to a non-existing path. This ensures that the cookie would never be sent to the server since its only purpose is to safe it on the computer such that the frontend can read it and attach it anyway to every request to the API.
Then the cookie can't be read from the website.

By Daniel Göbel on 2022-12-28T16:50:32 (imported from GitLab)

created branch bugfix/26-logout-doesn-t-work to address this issue

By Daniel Göbel on 2022-12-21T17:34:13 (imported from GitLab)

mentioned in commit 8a5cf23d

By Daniel Göbel on 2022-12-28T16:58:18 (imported from GitLab)

unassigned @daniel.goebel

When removing the cookie, the domain name has to be explicitly set with window.location.hostname

cookies.remove("bearer", undefined, window.location.hostname)

created branch bugfix/26-logout-doesnt-work to address this issue

mentioned in merge request !73 (merged)

mentioned in commit d74add0e

mentioned in commit 745df9b9

closed with merge request !73 (merged)