in my JIRA Cloud add-on I’m using sessions to authorize users to communicate with the add-on’s API. However, if any user opens two browser tabs and then logs out of JIRA in one of those tabs, they are still able to use the add-on from the second tab, because the session persists.
I can’t use the ‘logout’ webhook to kill the session, because it will be issued by an Atlassian’s server and not the user’s browser.
Is there any way to destroy user’s session when they log out from JIRA? Maybe I can listen on some
AP.event, or do anything else?