amazon-archives / aws-cognito-angular-quickstart

An Angular(v5)-based QuickStart single-page app utilizing Amazon Cognito, S3, and DynamoDB (Serverless architecture)
https://cognito.budilov.com
Apache License 2.0

UserLoginService.logout() does not effectively sign out if Local Storage is used #80

Open knakada opened 7 years ago

knakada commented 7 years ago

I had a pretty simple use case where I just wanted to log out. When I route to /logout, the LogoutComponent calls the UserLoginService's logout() method. However, this then reroutes to Home, which goes through the whole "am I logged in? if no /login else, let it go through" logic.

However, due to the way the UserLoginService deems a user to be "logged in", we end up recreating a cached user from the cached data in Local Storage, etc. (same code path as when we navigate after already being logged in).

So even after logout() is called, I'm basically deemed still "logged in" (meaning I still have full access to all the secured routes).

I had to do the following so that my user authentication didn't get "resurrected". (Please note I'm using Angular, so this is in TypeScript.)

```typescript
let clientId = this.cognitoUtil.getUserPool().getClientId();
// Sign the current user out globally (cb is the caller's callback).
this.cognitoUtil.getCurrentUser().globalSignOut(cb);
// Clear the cached Cognito identity ID held by the AWS SDK credentials.
if (AWS.config.credentials && AWS.config.credentials instanceof AWS.CognitoIdentityCredentials) {
    let cognitoCredentials: AWS.CognitoIdentityCredentials = AWS.config.credentials;
    cognitoCredentials.clearCachedId();
}
// Remove the LastAuthUser entry so the user is not recreated from Local Storage.
const lastUserKey = 'CognitoIdentityServiceProvider.' + clientId + '.LastAuthUser';
window.localStorage.removeItem(lastUserKey);
```

aaaguirrep commented 6 years ago

Hi, where did you apply the code?

I am having an issue: the session is not closing when I close the browser. I open the browser after two or three days and the session is still active.

I don't know if your code applies to my issue.
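
Added example (not code from the issue or from the quickstart project): a storage-level complement to the workaround in the first comment, which removes every Local Storage entry under one app client's `CognitoIdentityServiceProvider.<clientId>.` prefix and reports what it removed, so a logout routine can confirm that nothing is left to rebuild a cached user from. It generalizes the single `LastAuthUser` removal; `KeyValueStore`, `MemoryStore`, `cognitoKeysFor`, `purgeCognitoSession`, `buildSampleStore` and every sample key and value are assumptions made for illustration.

```typescript
// Subset of the Web Storage API, so window.localStorage or a test double both fit.
interface KeyValueStore {
  readonly length: number;
  key(index: number): string | null;
  setItem(key: string, value: string): void;
  removeItem(key: string): void;
}

// Keys cached for one app client; the trailing dot stops client "abc" matching "abcd".
function cognitoKeysFor(store: KeyValueStore, clientId: string): string[] {
  const prefix = 'CognitoIdentityServiceProvider.' + clientId + '.';
  const found: string[] = [];
  for (let i = 0; i < store.length; i++) {
    const k = store.key(i);
    if (k !== null && k.indexOf(prefix) === 0) { found.push(k); }
  }
  return found;
}

// Collect first, then delete: removing while iterating by index would skip entries.
function purgeCognitoSession(store: KeyValueStore, clientId: string): string[] {
  const removed = cognitoKeysFor(store, clientId);
  removed.forEach((k) => store.removeItem(k));
  return removed;
}

// In-memory stand-in for localStorage so the example runs outside a browser.
class MemoryStore implements KeyValueStore {
  private data: { [key: string]: string } = {};
  get length(): number { return Object.keys(this.data).length; }
  key(index: number): string | null {
    const k = Object.keys(this.data)[index];
    return k === undefined ? null : k;
  }
  setItem(key: string, value: string): void { this.data[key] = value; }
  removeItem(key: string): void { delete this.data[key]; }
}

// Constructed sample data: client ids, usernames and token values are placeholders.
function buildSampleStore(): MemoryStore {
  const s = new MemoryStore();
  const p = 'CognitoIdentityServiceProvider.';
  s.setItem(p + 'exampleclient.LastAuthUser', 'alice');
  s.setItem(p + 'exampleclient.alice.idToken', 'placeholder-id-token');
  s.setItem(p + 'exampleclient.alice.accessToken', 'placeholder-access-token');
  s.setItem(p + 'exampleclient.alice.refreshToken', 'placeholder-refresh-token');
  s.setItem(p + 'exampleclient2.LastAuthUser', 'bob'); // different app client
  s.setItem('theme', 'dark');                          // unrelated application key
  return s;
}
```

In the browser, pass `window.localStorage` as the store; an empty result from `cognitoKeysFor` after logout shows that no cached entry for that client remains.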