Why: Logout must terminate the hub session and expire the cookie, or a stolen/leftover cookie keeps minting codes.
Done when:
- Modify the POST /auth/logout handler/service to revoke the SSO session in the store + expire the fv_sso cookie (max-age 0) when the flag is ON.
- Failing test first (extends the logout test): after logout the session is revoked and the response expires the cookie.
source: docs/SSO_APP_LAUNCHER_PHASE1_PLAN.md:78
Migrated from docs/SSO_APP_LAUNCHER_PHASE1_PLAN.md (git history retains the original).
Why: Logout must terminate the hub session and expire the cookie, or a stolen/leftover cookie keeps minting codes.
Done when:
source: docs/SSO_APP_LAUNCHER_PHASE1_PLAN.md:78
Migrated from
docs/SSO_APP_LAUNCHER_PHASE1_PLAN.md(git history retains the original).