pgz-sport

damir/pgz-sport

Fork 0

Commit Graph

Author	SHA1	Message	Date
damir	e07292ba44	logout() proper fix: revoke backend + clear ALL session keys Old logout() was demo placeholder: - only cleared 'app-role' + 'jwt' (NOT pgz_access/refresh/user) - did NOT call POST /auth/logout to revoke JWT - redirected to /static/sport2.html (wrong) New logout() now: 1. POST /auth/logout to revoke JWT server-side 2. Clear ALL keys: pgz_access, pgz_refresh, pgz_user, app-role, jwt, access_token, refresh_token, pgz_session_id (both localStorage + sessionStorage) 3. Redirect to /login Verified by Playwright E2E: token absent after logout.	2026-05-05 09:24:12 +02:00

Author

SHA1

Message

Date

damir

e07292ba44

logout() proper fix: revoke backend + clear ALL session keys

Old logout() was demo placeholder:
- only cleared 'app-role' + 'jwt' (NOT pgz_access/refresh/user)
- did NOT call POST /auth/logout to revoke JWT
- redirected to /static/sport2.html (wrong)

New logout() now:
1. POST /auth/logout to revoke JWT server-side
2. Clear ALL keys: pgz_access, pgz_refresh, pgz_user, app-role, jwt, access_token, refresh_token, pgz_session_id (both localStorage + sessionStorage)
3. Redirect to /login

Verified by Playwright E2E: token absent after logout.

2026-05-05 09:24:12 +02:00

1 Commits