Problem: How do we log a user out offline?
In this quick post, developer Megan Parkes explains how the Glean Engineering Team solved a head-scratcher...1 min read Published: 17 Aug 2021
The first in our new series from Glean's Engineering Team focuses on a practical problem - how can we log a user out if they're offline?
You're happily using Glean offline in the browser (thanks to service workers!). You've finished your lecture for the day and want to log out of your account. Online, this would be a well travelled path; you hit logout, a request is fired to a service, and responds expiring your cookie for you, logging you out.
Offline, this is a bit harder! We can’t get a response to our request as there is no network, so how can we expire the cookie?
Could we expire it via the client? Unfortunately not, as it is a cookie with a http only flag. Could we remove the http only flag? Maybe not, as it can make us vulnerable to cross site scripting attacks.
The solution we settled on is to require two cookies with different tokens for authentication. One with the http only flag and one not. This allows us to expire the one with no http only flag when the user is offline, meaning they can be logged out successfully!
- POST /logout which responds and expires the authentication cookie.
Offline logout issues:
- Can’t post /logout as no network.
- 2 cookies with different tokens required for authentication: one with a http only flag, the other without one
- When a user logs out offline, manually expire the non http only cookie from the client.
Could you be our next dev?
At Team Glean, we're always on the lookout for talented people to join us.
To learn more about working with us, and to see the latest opportunities, follow the link below!
More from Tech BlogView All
Why we created an incident process
In this blog, Gwen takes us through what you need to consider when writing an incident process
Bootcamp to Glean: The first few months
Team Glean's Joss talks through his journey from Coding Bootcamp to working at Glean as a Software Developer
Glean vs. the universe
In which developer Chris Moore persuasively argues that a recent Glean glitch was caused by… the sun?