AbsaOSS / enceladus

Dynamic Conformance Engine
Apache License 2.0

Menas - JWT cookie not removed when logout performed #2130

Closed miroslavpojer closed 1 year ago

miroslavpojer commented 1 year ago

Describe the bug

When the user performs Logout, the JWT cookie persists in the browser. When the page is refreshed, the user can see the main page again without a login action. The visible page is without data and not usable.

To Reproduce

Steps to reproduce the behavior OR commands run: Expectation:

  1. User does login (JWT cookie persisted)
  2. User sees main page with Totals with non-zero tiles.
  3. User does Logout (JWT cookie still persisted)
  4. User sees Login page
  5. User refreshes the page
  6. User sees main page with Totals with zero tiles.

Expected behavior

After the user logs out, the JWT cookie does not exist.

Screenshots

Application state after refresh.


jakipatryk commented 1 year ago

Which branch is it on? I'm unable to reproduce, when I do logout and refresh it says "Session has expired" and I'm being redirected to login page.

miroslavpojer commented 1 year ago

> Which branch is it on? I'm unable to reproduce, when I do logout and refresh it says "Session has expired" and I'm being redirected to login page.

An issue has been found on the develop branch.

jakipatryk commented 1 year ago

On develop it works for me.

System: MacOS 12.5.1 Tomcat: 9.0.65 Browser: Chrome 105.0.5195.102

jakipatryk commented 1 year ago

With #2142 merged this should be fixed (as it removes JWT from cookies totally).

miroslavpojer commented 1 year ago

> With #2142 merged this should be fixed (as it removes JWT from cookies totally).

I will re-test it.

Edit: #2142 has been re-tested (feature/2131-review-csrf-and-jwt-tokens-usage) on Brave, Chrome and Edge. JWT cookies are being removed during logout. The problem reported by this issue is no longer visible.
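
A regression check for the symptom reported in this issue, added here as an example (it is not code from the Enceladus project or from the commenters): given the `Set-Cookie` headers of a login and a logout response, it lists the cookies that would still be in the browser after logout. The cookie name `JWT`, the path `/menas` and all header values are constructed assumptions.

```javascript
// Added example; cookie names, paths and header values below are constructed.
// Parse one Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// A browser identifies a cookie by name + domain + path, so a deletion only
// takes effect when all three match the cookie that was originally set.
// Omitted Domain/Path are compared as empty strings (same request URL assumed).
function cookieKey(c) {
  return [c.name, String(c.attrs.domain || "").toLowerCase(), c.attrs.path || ""].join("|");
}

// True when the header tells the browser to drop the cookie immediately.
// Max-Age is checked first because it takes precedence over Expires.
function isExpiry(c, now) {
  if (c.attrs["max-age"] !== undefined) return Number(c.attrs["max-age"]) <= 0;
  if (c.attrs.expires !== undefined) return Date.parse(c.attrs.expires) <= now;
  return false; // an empty value alone leaves the cookie in the jar
}

// Return the names of cookies set at login that logout does not remove.
function cookiesSurvivingLogout(loginHeaders, logoutHeaders, now = Date.now()) {
  const expired = new Set(
    logoutHeaders.map(parseSetCookie).filter((c) => isExpiry(c, now)).map(cookieKey)
  );
  return loginHeaders.map(parseSetCookie)
    .filter((c) => !expired.has(cookieKey(c)))
    .map((c) => c.name);
}

// Constructed sample headers: one login response, three possible logout responses.
const login = ["JWT=eyJ.constructed.token; Path=/menas; HttpOnly; Secure"];
const noClear = [];                                   // logout sends no Set-Cookie
const wrongPath = ["JWT=; Path=/; Max-Age=0"];        // expiry for a different path
const cleared = ["JWT=; Path=/menas; Max-Age=0; HttpOnly; Secure"];
console.log(cookiesSurvivingLogout(login, noClear));
console.log(cookiesSurvivingLogout(login, wrongPath));
console.log(cookiesSurvivingLogout(login, cleared));
```

A non-empty result for a real logout response corresponds to step 3 of the reproduction list ("JWT cookie still persisted").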