Closed espogian closed 3 months ago
I'm facing the same problem.Have you solved it?
it seems that extra_streamlit_components.cookie_manager.delete have some unfix bugs.This func can't delete cookie successfully.
In authenticate.py:
Please see if this problem still persists with the latest release v0.3.2.
Hi,
I’m using streamlit==1.26.0 and streamlit_authenticator==0.2.3. I’ve noticed that the JWT which saved upon login (as a cookie, which in the default config is called “random_cookie_name”) retains its validity even if the user logs out. That is, for instance, if the parameters expiry_days: 1, and within this period of time the user logs out, it is still possible to provide the JWT to the application and retrieve data. This behaviour is not completely sound under a security perspective, and I’m wondering if there is any mean to: