-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
issue 488 send to login screen on session expiration #518
base: issue-365-logout-backend
Are you sure you want to change the base?
Conversation
0aa6a74
to
62803e6
Compare
@vkorir Great work! I just tested this out. As our production server uses SCORE SSO, we should probably try getting the SCORE SSO cases working before merging these changes into develop. The current draft PR has the following effect:
Suggestions:
|
I was looking at SCORE authentication flow, and seems like we use HttpOnly cookies. This means it's inaccessible by JavaScript and there's not really a way to poll until when the session expires to redirect users. @geoffreykwan, can you confirm this? |
Yea we have HttpOnly cookies set to true for security purposes. Are you trying to handle the scenario where CK Board wants to check if the SCORE session is still alive? I just re-read through the comments in this PR #412 and I think we were able to get the SCORE session token string sent to CK Board and saved for later use. This way when a user logs out of CK Board, CK Board can also send a logout request to SCORE to tell SCORE to log out. I think you should be able to use this same process to have CK Board make a request to SCORE to check if the SCORE session is still alive. See the function here ck-board/backend/src/utils/auth.ts Lines 244 to 252 in 0a5dd94
You can check if a user is still logged into SCORE by making a request to If the SCORE user is logged in, you will get a response that looks like this If the SCORE user is logged out, you will get a response that looks like this |
62803e6
to
81b992d
Compare
81b992d
to
0522bcb
Compare
To test it, change this line to
date.setTime(date.getTime() + 5 * 1000);
Closes #488