[Bug]: Code-server version 4.13.0. It allows changes to be made in files opened in different tabs even after logging out from one tab. The logout action is effective only if we refresh the new tab; otherwise, code-server remains logged in for that tab.

[jaimalsumbria]

Is there an existing issue for this?

• [X] I have searched the existing issues

OS/Web Information

• Web Browser:
• Local OS:
• Remote OS:
• Remote Architecture:
• code-server --version:

Steps to Reproduce

Code-server version 4.13.0.

1. open code-server in 2 tabs.
2. logout from one.
3. Open a file in second tab.
4. make changes to the file.
5. changes will be saved.

Expected

It shouldn't allows changes to be made in files opened in different tab after logging out from any of the tabs.

Actual

Code-server version 4.13.0. It allows changes to be made in files opened in different tabs even after logging out from one tab. The logout action is effective only if we refresh the new tab; otherwise, code-server remains (semi-) logged in for that tab.

Logs

No response

Screenshot/Video

No response

Does this issue happen in VS Code or GitHub Codespaces?

• [X] I cannot reproduce this in VS Code.
• [X] I cannot reproduce this in GitHub Codespaces.

Are you accessing code-server over HTTPS?

• [X] I am using HTTPS.

Notes

I am using https but not built-in, I am proxying through NGINX.

[code-asher]

This is an interesting problem. I suppose the other tabs are not aware that the cookie has been deleted and keep using it.

I think the proper way to solve this is to generate a random token that we exchange for the password which lets us invalidate it.

Related: https://github.com/coder/code-server/issues/3576