Problem: How do we log a user out offline?
In this quick post, developer Megan Parkes explains how the Glean Engineering Team solved a head-scratcher...1 min read Published: 17 Aug 2021
The first in our new series from Glean's Engineering Team focuses on a practical problem - how can we log a user out if they're offline?
You're happily using Glean offline in the browser (thanks to service workers!). You've finished your lecture for the day and want to log out of your account. Online, this would be a well travelled path; you hit logout, a request is fired to a service, and responds expiring your cookie for you, logging you out.
Offline, this is a bit harder! We can’t get a response to our request as there is no network, so how can we expire the cookie?
Could we expire it via the client? Unfortunately not, as it is a cookie with a http only flag. Could we remove the http only flag? Maybe not, as it can make us vulnerable to cross site scripting attacks.
The solution we settled on is to require two cookies with different tokens for authentication. One with the http only flag and one not. This allows us to expire the one with no http only flag when the user is offline, meaning they can be logged out successfully!
- POST /logout which responds and expires the authentication cookie.
Offline logout issues:
- Can’t post /logout as no network.
- 2 cookies with different tokens required for authentication: one with a http only flag, the other without one
- When a user logs out offline, manually expire the non http only cookie from the client.
Could you be our next dev?
At Team Glean, we're always on the lookout for talented people to join us.
To learn more about working with us, and to see the latest opportunities, follow the link below!
More from Tech BlogView All
Dart Type Promotion
In this article, we'll walk you through a common issue with dart type promotion, showing you why it occurs and some ways to solve it.
Exploratory Testing at Glean
Zaryoon shares what Exploratory Testing is, and how it can be implemented in your tech teams to gain a deeper understanding of how your features work.
Thinking Fast & Slow
Lynn shares how the Engineering team are applying the principles of "Thinking Fast & Slow" to their everyday work!