Merge pull request #45 from Authress/force-session-check

Reset the last Session Check back to zero on logout.
Authress · Aug 16, 2024 · fae6578 · fae6578
2 parents 74494df + 13be5ce
commit fae6578
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,7 @@ This is the changelog for [Authress Login](readme.md).
 * Also remove the `AuthUserId` cookie when removing other cookies.
 * Add `antiAbuseHash` generation as part of authentication requests
 * clear the `nonce` and `iss` parameters from the URL when they are set.
+* [Fix] Force a sessionCheck after a logout.
 
 ## 2.4 ##
 * Prevent silent returns from `authenticate` when a different connectionId is used to have the user log in.

diff --git a/src/index.js b/src/index.js
@@ -707,6 +707,7 @@ class LoginClient {
     if (this.enableCredentials) {
       try {
         await this.httpClient.delete('/session', this.enableCredentials);
+        this.lastSessionCheck = 0;
         if (redirectUrl && redirectUrl !== windowManager.getCurrentLocation().href) {
           windowManager.assign(redirectUrl);
         }
@@ -718,6 +719,11 @@ class LoginClient {
     fullLogoutUrl.searchParams.set('redirect_uri', redirectUrl || windowManager.getCurrentLocation().href);
     fullLogoutUrl.searchParams.set('client_id', this.applicationId);
     windowManager.assign(fullLogoutUrl.toString());
+
+    this.lastSessionCheck = 0;
+
+    // Prevent the current UI from taking any action once we decided we need to log out.
+    await new Promise(resolve => setTimeout(resolve, 500));
   }
 }