Open simon-wacker opened 1 year ago
Currently, the cookie is added in https://github.com/building-envelope-data/metabase/blob/92a29b69c0d00d55877ad76f7c4289fd07d9df72/backend/src/GraphQl/Users/UserMutations.cs#L201, used in https://github.com/building-envelope-data/metabase/blob/92a29b69c0d00d55877ad76f7c4289fd07d9df72/backend/src/Controllers/AuthorizationController.cs#L153, and deleted in https://github.com/building-envelope-data/metabase/blob/92a29b69c0d00d55877ad76f7c4289fd07d9df72/backend/src/Controllers/AuthorizationController.cs#L363 and https://github.com/building-envelope-data/metabase/blob/92a29b69c0d00d55877ad76f7c4289fd07d9df72/backend/src/Controllers/AuthorizationController.cs#L373. In the user interface, this corresponds to navigating to `/connect/authorize`, being redirected to the login screen in which user name and password are entered, creating the cookie through the GraphQL endpoint, getting redirected to the consent page, and pressing the accept or deny button. If the user does not press accept or deny but just navigates to some other page, then the cookie is never deleted. It will stay as long as session cookies live in the user's web browser or until the user does another login attempt and presses the accept or deny button.