
Logout

The logout process in Blueprint is designed to be secure, efficient, and developer-friendly. It involves invalidating the user's session on the server and updating the client-side state to reflect that the user is no longer authenticated.

How does Blueprint handle logout?

Blueprint uses a combination of client-side logic and server-side endpoints to handle logout. Here's a step-by-step breakdown of the process:

  1. User Initiates Logout

The user clicks the logout button in the application's user interface. The button uses the useLogout mutation hook to perform an asynchronous GET request to the /api/auth/logout endpoint.

  2. Server Invalidates Session

When the server receives the logout request, it clears all authentication-related cookies, so the response carries no session cookies in its headers. This invalidates the user's session.

  3. Client Reflects Server State

After the server has invalidated the session, the client updates its state to reflect that the user is no longer authenticated. The useLogout hook facilitates this by clearing the react-query cache.

Finally, the user is redirected to the designated home page of the application.
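The three steps above, as an added example that is not Blueprint's own code: a framework-agnostic handler for GET /api/auth/logout that revokes the session and emits the cookie-clearing headers, plus a client routine that mirrors what the useLogout hook does (request, cache clear, redirect). The cookie names, their attributes, the home path and the `revokeSession` callback are assumptions, not taken from Blueprint.

```javascript
// Added example, not Blueprint's code. Cookie names/attributes and HOME_PATH are assumptions.
const AUTH_COOKIES = [
  { name: "session", path: "/", httpOnly: true, secure: true, sameSite: "Lax" },
  { name: "refresh", path: "/api/auth", httpOnly: true, secure: true, sameSite: "Strict" },
];
const HOME_PATH = "/";

// Minimal parser for the request's Cookie header: "a=1; b=x=y" -> { a: "1", b: "x=y" }.
function parseCookies(header = "") {
  return Object.fromEntries(
    header.split(";").map((c) => c.trim()).filter((c) => c.includes("="))
      .map((c) => { const i = c.indexOf("="); return [c.slice(0, i), c.slice(i + 1)]; })
  );
}

// A browser only deletes a cookie when the clearing Set-Cookie repeats the Path (and
// Domain) it was originally set with, so every attribute is reused and the value is
// emptied with Max-Age=0 plus an Expires date in the past.
function clearCookieHeader({ name, path, domain, httpOnly, secure, sameSite }) {
  const parts = [`${name}=`, `Path=${path}`, "Max-Age=0", "Expires=Thu, 01 Jan 1970 00:00:00 GMT"];
  if (domain) parts.push(`Domain=${domain}`);
  if (httpOnly) parts.push("HttpOnly");
  if (secure) parts.push("Secure");
  if (sameSite) parts.push(`SameSite=${sameSite}`);
  return parts.join("; ");
}

// Server side (step 2): revoke the session in the store, then answer with one clearing
// header per auth cookie and no body. Cache-Control: no-store keeps intermediaries from
// caching a response that carries Set-Cookie headers.
function handleLogout(cookieHeader, revokeSession) {
  const { session } = parseCookies(cookieHeader);
  if (session) revokeSession(session); // a copied cookie is useless once the store forgets it
  return {
    status: 204,
    headers: { "Set-Cookie": AUTH_COOKIES.map(clearCookieHeader), "Cache-Control": "no-store" },
  };
}

// Client side (steps 1 and 3): GET the endpoint with credentials, then drop cached user data
// so the UI cannot keep showing authenticated state, then redirect home.
async function logoutClient({ fetchImpl, queryCache, navigate }) {
  const res = await fetchImpl("/api/auth/logout", { method: "GET", credentials: "include" });
  if (!res.ok) throw new Error(`logout failed: ${res.status}`);
  queryCache.clear();
  navigate(HOME_PATH);
  return true;
}
```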

Security Considerations

By invalidating the session on the server side and clearing the session cookie, we ensure that the user's session cannot be used after they have logged out. This protects against session hijacking and other types of attacks. More information on Session Expiration considerations can be found at the OWASP site.