Problem: How do we log a user out offline?
In this quick post, developer Megan Parkes explains how the Glean Engineering Team solved a head-scratcher...


The first in our new series from Glean's Engineering Team focuses on a practical problem - how can we log a user out if they're offline?
Imagine this...
You're happily using Glean offline in the browser (thanks to service workers!). You've finished your lecture for the day and want to log out of your account. Online, this would be a well travelled path; you hit logout, a request is fired to a service, and responds expiring your cookie for you, logging you out.

The problem
Offline, this is a bit harder! We can’t get a response to our request as there is no network, so how can we expire the cookie?
Could we expire it via the client? Unfortunately not, as it is a cookie with a http only flag. Could we remove the http only flag? Maybe not, as it can make us vulnerable to cross site scripting attacks.
Our solution
The solution we settled on is to require two cookies with different tokens for authentication. One with the http only flag and one not. This allows us to expire the one with no http only flag when the user is offline, meaning they can be logged out successfully!

TL;DR
Online logout:
- POST /logout which responds and expires the authentication cookie.
Offline logout issues:
- Can’t post /logout as no network.
- Can’t expire a cookie from javascript as it has a http only flag.
Solution:
- 2 cookies with different tokens required for authentication: one with a http only flag, the other without one
- When a user logs out offline, manually expire the non http only cookie from the client.
Could you be our next dev?
At Team Glean, we're always on the lookout for talented people to join us.
To learn more about working with us, and to see the latest opportunities, follow the link below!
More from Tech Blog
View All
Mobile Updates Roundup
We've made a lot of updates to our mobile app recently - read on to find out what's changed!

Exploratory Testing at Glean
Zaryoon shares what Exploratory Testing is, and how it can be implemented in your tech teams to gain a deeper understanding of how your features work.

Thinking Fast & Slow
Lynn shares how the Engineering team are applying the principles of "Thinking Fast & Slow" to their everyday work!