Problem: How do we log a user out offline?
In this quick post, developer Megan Parkes explains how the Glean Engineering Team solved a head-scratcher...


The first in our new series from Glean's Engineering Team focuses on a practical problem - how can we log a user out if they're offline?
Imagine this...
You're happily using Glean offline in the browser (thanks to service workers!). You've finished your lecture for the day and want to log out of your account. Online, this would be a well travelled path; you hit logout, a request is fired to a service, and responds expiring your cookie for you, logging you out.

The problem
Offline, this is a bit harder! We can’t get a response to our request as there is no network, so how can we expire the cookie?
Could we expire it via the client? Unfortunately not, as it is a cookie with a http only flag. Could we remove the http only flag? Maybe not, as it can make us vulnerable to cross site scripting attacks.
Our solution
The solution we settled on is to require two cookies with different tokens for authentication. One with the http only flag and one not. This allows us to expire the one with no http only flag when the user is offline, meaning they can be logged out successfully!

TL;DR
Online logout:
- POST /logout which responds and expires the authentication cookie.
Offline logout issues:
- Can’t post /logout as no network.
- Can’t expire a cookie from javascript as it has a http only flag.
Solution:
- 2 cookies with different tokens required for authentication: one with a http only flag, the other without one
- When a user logs out offline, manually expire the non http only cookie from the client.
Could you be our next dev?
At Team Glean, we're always on the lookout for talented people to join us.
To learn more about working with us, and to see the latest opportunities, follow the link below!
More from Tech Blog
View All
Why we created an incident process and why you need one too
In this blog, Gwen takes us through what you need to consider when writing an incident process

From Coding Bootcamp to joining Glean: The first few months
Team Glean's Joss talks through his journey from Coding Bootcamp to working at Glean as a Software Developer

Glean vs. the universe
In which developer Chris Moore persuasively argues that a recent Glean glitch was caused by… the sun?