intercom / intercom-rails

The easiest way to install Intercom in a Rails app.
https://developers.intercom.io/reference
MIT License
280 stars · 106 forks

Shutdown Helper error prone, causes privacy issue on static home pages and intermittent connections #291

Open eliotsykes opened 6 years ago

eliotsykes commented 6 years ago

Version info

Expected behavior

  1. User logs out
  2. Logged out user is redirected to / served from public/index.html
  3. Previous intercom conversations are no longer visible

Actual behavior

  1. User logs out
  2. Logged out user is redirected to / served from public/index.html
  3. Previous intercom conversations are visible

Cause

The shutdown callback is never called for the static home page.

This exposes the logged out user's conversations to another user who shares their device and browser.

This issue is partly due to the 2-request approach used by ShutdownHelper. The advice on not clearing cookies added in #174 on redirects appears outdated or incorrect - see https://github.com/intercom/intercom-rails/issues/249. There is evidence that the cookies could be successfully cleared on redirect when SessionsController#destroy is called on logout, contrary to the README advice. Clearing the cookies in SessionsController#destroy instead of using the 2-request approach would solve this issue.

(Note, the above issue could also happen with a dynamic home page if the user loses connectivity after logout but before the redirected response completes.)
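To make the failure mode concrete, here is an added, self-contained Ruby model of the two approaches discussed in this issue (it is not intercom-rails code and does not use the gem's API; the helper names, the `APP_ID` placeholder and the cookie values are assumptions). It shows that a two-request shutdown only clears the Intercom cookies if the page after logout is actually handled by Rails, whereas clearing them on the logout response itself does not depend on the next request.

```ruby
# Added example, not from intercom-rails. Minimal in-memory cookie jar and
# session stand in for the Rails objects so this runs without Rails.
# Cookie names are constructed placeholders (APP_ID is not a real app id).
INTERCOM_COOKIES = %w[intercom-session-APP_ID intercom-id-APP_ID].freeze

# Expire Intercom's cookies in the browser's jar, regardless of which response does it.
def clear_intercom_cookies(cookies)
  INTERCOM_COOKIES.each { |name| cookies.delete(name) }
  cookies
end

# Two-request approach (hypothetical helper names): logout only flags the
# session; the cookies are cleared by a before_action on the *next* request
# that Rails handles. This response leaves the cookies untouched.
def logout_two_request(session, cookies)
  session[:perform_intercom_shutdown] = true
  cookies
end

# The before_action that runs only when Rails serves the next page.
def rails_before_action(session, cookies)
  return cookies unless session.delete(:perform_intercom_shutdown)
  clear_intercom_cookies(cookies)
end

# One-request approach: expire the cookies on the logout response itself.
def logout_one_request(session, cookies)
  session.clear
  clear_intercom_cookies(cookies)
end

# Simulate logout followed by a redirect to "/", where "/" is served either by
# Rails (before_action runs) or as a static file (before_action never runs).
# Returns the Intercom cookie names still present in the browser afterwards.
def intercom_cookies_after_logout(strategy:, next_page_runs_rails:)
  cookies = { "intercom-session-APP_ID" => "constructed-session",
              "intercom-id-APP_ID" => "constructed-id",
              "_app_session" => "constructed-app-session" }
  session = { user_id: 42 }
  case strategy
  when :two_request then logout_two_request(session, cookies)
  when :one_request then logout_one_request(session, cookies)
  else raise ArgumentError, "unknown strategy #{strategy}"
  end
  rails_before_action(session, cookies) if next_page_runs_rails
  cookies.keys.grep(/intercom/)
end
```

A non-empty result from the `:two_request` / static-page combination is the leak described above: the logged-out user's Intercom cookies survive for the next person on the same browser.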