zaviagodev / frappe

MIT License

Enhance Security - Force Logout on Expired Cookies in React Dashboard #185

Closed John-zaviago closed 8 months ago

John-zaviago commented 8 months ago

Issue Title: Enhance Security - Force Logout on Expired Cookies in React Dashboard

Issue Description: Currently, a security vulnerability exists in the React dashboard, where users can continue to access the dashboard even after their login cookies have expired. This occurs when a user whose session has expired revisits the dashboard by using a direct link. The dashboard displays skeleton loading for dynamic data indefinitely and allows the user to navigate through different pages, such as settings and account, but without actual access to sensitive information.

Detailed Behavior:

  1. Login Cookies Expiry:

    • After a certain period, user login cookies expire as a standard security measure.
  2. Return to Dashboard:

    • Users return to the React dashboard even after their login cookies have expired, via a direct link or a link saved in a browser tab.
  3. Skeleton Loading:

    • For dynamic data sections, the dashboard continues to display skeleton loading indefinitely, suggesting that data is unable to load.
  4. Navigation Capability:

    • Users retain the ability to navigate through various pages within the dashboard, including settings and account pages.

Security Risk:

Enhancements: To address this security risk, we need to implement a client-side mechanism that detects expired cookies and enforces a logout action. This ensures that users are automatically logged out and redirected to the login page when their session cookies have expired, preventing any potential security loopholes.

Expected Outcome:

Additional Information:

Enhancements:

  1. Force Logout on Expired Cookies:
    • Implement a client-side mechanism to detect expired cookies.
    • When expired cookies are detected, force the user to log out and redirect them to the login page.
    • This enhancement ensures that users cannot remain in the dashboard indefinitely after login cookies have expired.

Implementation Steps:

  1. Detect Expired Cookies:

    • Develop client-side logic to monitor cookie expiration.
    • Implement a mechanism to identify when cookies have expired.
  2. Force Logout:

    • When expired cookies are detected, initiate a force logout action.
    • Redirect the user to the login page to ensure a secure reauthentication process.

Expected Outcome:

Additional Information:


Action Plan:

  1. Assign the issue to a team member specializing in React development and security.
  2. Develop client-side logic to monitor cookie expiration.
  3. Implement a mechanism to detect when cookies have expired.
  4. Define a force logout action to initiate when expired cookies are detected.
  5. Redirect the user to the login page for a secure reauthentication process.
  6. Test the implemented features to ensure reliability.
  7. Provide clear and user-friendly notifications about the forced logout.
  8. Update documentation to inform users about the security enhancement.
  9. Communicate updates to the team and stakeholders.
  10. Document the implementation details for future reference.

How to Test:
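The detect-expired-session-and-force-logout mechanism this issue asks for, as an added JavaScript example that is not code from the issue or from the frappe project. It assumes a client-readable `user_id` cookie that is absent or reads "Guest" once the session is gone, and an API that answers 401/403 when the session is invalid; `fetchImpl`, `onLogout` and `navigate` are injected placeholders for the app's fetch, client-state reset and router.

```javascript
// Added example, not code from the issue or the frappe project. Assumptions:
// the backend sets a client-readable "user_id" cookie that is absent or
// "Guest" once the session is gone, and rejected API calls return 401/403.
const AUTH_FAILURE_STATUSES = new Set([401, 403]);

// Parse a document.cookie style string ("a=1; b=2") into an object.
function parseCookies(cookieString) {
  const cookies = {};
  for (const part of (cookieString || "").split(";")) {
    const idx = part.indexOf("=");
    if (idx === -1) continue;
    const name = part.slice(0, idx).trim();
    if (name) cookies[name] = decodeURIComponent(part.slice(idx + 1).trim());
  }
  return cookies;
}

// Client-side hint only: cookie expiry is not observable from JavaScript (an
// expired cookie just disappears, HttpOnly ones are never visible), so the
// server response checked below stays authoritative.
function cookiesIndicateExpiredSession(cookieString) {
  const { user_id } = parseCookies(cookieString);
  return !user_id || user_id === "Guest";
}

// Authoritative check: 401/403 means the session is gone whatever the client sees.
function responseIndicatesExpiredSession(response) {
  return Boolean(response) && AUTH_FAILURE_STATUSES.has(response.status);
}

// Why the session is considered expired, or null if still valid. Call with
// response=null on mount to catch the "direct link" case before any fetch.
function expiredSessionReason(cookieString, response) {
  if (responseIndicatesExpiredSession(response)) return "server-rejected";
  if (cookiesIndicateExpiredSession(cookieString)) return "cookie-missing";
  return null;
}

// Wrap fetch so every dashboard request runs the guard; on expiry run the
// injected logout, redirect to /login, and reject so no skeleton waits forever.
function createGuardedFetch({ fetchImpl, getCookies, onLogout, navigate }) {
  return async function guardedFetch(url, options) {
    const response = await fetchImpl(url, options);
    const reason = expiredSessionReason(getCookies(), response);
    if (reason === null) return response;
    await onLogout(reason);
    navigate("/login");
    throw new Error(`session expired (${reason})`);
  };
}
```

Calling `expiredSessionReason(document.cookie, null)` on mount covers the direct-link return, and routing every data request through `createGuardedFetch` replaces the indefinite skeleton with a redirect to the login page.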

John-zaviago commented 8 months ago

Closing - seems to be done - need to monitor other cases