damir/pgz-sport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1bc30d78819ee4c1f4e13cb1f4eabea725b902c6
pgz-sport/_audit/playwright_20260505_0923/m02_mobile_app.png
T
damir e07292ba44 logout() proper fix: revoke backend + clear ALL session keys 
Old logout() was demo placeholder:
- only cleared 'app-role' + 'jwt' (NOT pgz_access/refresh/user)
- did NOT call POST /auth/logout to revoke JWT
- redirected to /static/sport2.html (wrong)

New logout() now:
1. POST /auth/logout to revoke JWT server-side
2. Clear ALL keys: pgz_access, pgz_refresh, pgz_user, app-role, jwt, access_token, refresh_token, pgz_session_id (both localStorage + sessionStorage)
3. Redirect to /login

Verified by Playwright E2E: token absent after logout.
2026-05-05 09:24:12 +02:00

343 KiB
750x3964px
Raw History

/damir/pgz-sport/raw/commit/1bc30d78819ee4c1f4e13cb1f4eabea725b902c6/_audit/playwright_20260505_0923/m02_mobile_app.png
Reference in New Issue View Git Blame Copy Permalink