
Go back in the browser after user logged out from app triggers the SW before any backend redirect

Open gazpachu opened this issue 7 years ago • 5 comments

I don't think this is an issue. It's more like a scenario that I'm wondering if it can be fixed with some proper settings.

The sequence is like this:

  • User logs in to the app
  • User logs out from the app
  • User lands in a landing page before the SSO
  • User clicks back in the browser
  • The app SW kicks in and displays the app (when it shouldn't because the user is logged out)
  • The backend redirect to lock the user in the pre-SSO page doesn't trigger because of the previous point

gazpachu avatar Jan 10 '18 14:01 gazpachu

Maybe switching off the SW when the user clicks on the logout button would fix the issue? How can I switch off the SW? There's no uninstall method.

gazpachu avatar Jan 11 '18 09:01 gazpachu

Yes, if your ServiceWorker is login dependent you will need to remove it and/or properly handle caches, i.e. remove any sensitive data.

Here is an article about how to remove SW: https://medium.com/@nekrtemplar/self-destroying-serviceworker-73d62921d717

NekR avatar Jan 11 '18 14:01 NekR

@NekR Thanks, I've read your article and the readme of the Webpack version of the self-destroying plugin. I understand that I have to load it in my webpack config using:

plugins: [
  new RemoveServiceWorkerPlugin()
]

But, how do I execute it on my app when the user logs out?

With the offline plugin, there's a method I call to install the SW:

OfflinePluginRuntime.install({
    onUpdateReady: () => OfflinePluginRuntime.applyUpdate(),
    onUpdated: () => (window.swUpdate = true)
});

So I was expecting something similar for the self-destroying plugin. Otherwise, I'm not sure what's gonna happen if I load both plugins and the self-destroying plugin starts itself at the same time...

gazpachu avatar Jan 15 '18 09:01 gazpachu

You don't really have to follow that article in this case. You may just unregister the ServiceWorker from the not-logged-in page and register a self-destroying ServiceWorker, or actually just an empty one. Registration of the real ServiceWorker will have to change too. It will need to unregister the current SW if the current one is the empty one from the not-logged-in page.


NekR avatar Jan 15 '18 12:01 NekR

Sorry, I don't understand your last comment. I find some sentences a bit contradictory.

I was expecting this scenario (a website that requires authentication) to be quite common, but it seems that it hasn't been discussed much here and how to deal with it.

Would you mind writing down a more detailed example, please? Thanks a lot.

gazpachu avatar Jan 16 '18 09:01 gazpachu
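
NekR's two suggestions above (unregister the ServiceWorker from the not-logged-in page, and remove cached sensitive data), sketched as an added example that is not part of the thread or of offline-plugin. `clearOfflineState`, `appScope` and `env` are hypothetical names, and the sketch assumes the origin's Cache Storage holds only this app's data:

```javascript
// Added example: run on the logged-out (pre-SSO) page so a Back navigation
// reaches the network, and the backend redirect, instead of the cached app.
// `env` defaults to the browser globals; it is injectable so the logic can be
// exercised outside a browser. `appScope` is a hypothetical parameter.
async function clearOfflineState(appScope, env = globalThis) {
  const result = { unregistered: [], cachesDeleted: [], errors: [] };
  const sw = env.navigator && env.navigator.serviceWorker;

  if (sw) {
    const registrations = await sw.getRegistrations();
    for (const reg of registrations) {
      // Leave workers registered for other scopes on the same origin alone.
      if (appScope && !reg.scope.startsWith(appScope)) continue;
      try {
        // unregister() resolves to false if the registration was not found.
        if (await reg.unregister()) result.unregistered.push(reg.scope);
      } catch (err) {
        result.errors.push(`unregister ${reg.scope}: ${err.message}`);
      }
    }
  }

  if (env.caches) {
    // Cache Storage is per-origin and survives unregister(); drop it too so
    // no authenticated response stays readable after logout.
    // Assumption: every cache on this origin belongs to the app.
    for (const name of await env.caches.keys()) {
      try {
        if (await env.caches.delete(name)) result.cachesDeleted.push(name);
      } catch (err) {
        result.errors.push(`cache ${name}: ${err.message}`);
      }
    }
  }
  return result;
}

// Browser wiring (skipped when there is no DOM, e.g. under Node).
if (typeof document !== 'undefined') {
  clearOfflineState(new URL('/', location.href).href).then((r) => {
    if (r.errors.length) console.warn('offline state not fully cleared', r.errors);
  });
}
```

Pages already controlled by the worker stay controlled until they are reloaded or closed, so run this on the logged-out page itself rather than only in the logout click handler.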