User log out event listener

Hi,

in my JIRA Cloud add-on I’m using sessions to authorize users to communicate with the add-on’s API. However, if any user opens two browser tabs and then logs out of JIRA in one of those tabs, they are still able to use the add-on from the second tab, because the session persists.

I can’t use the ‘logout’ webhook to kill the session, because it will be issued by an Atlassian’s server and not the user’s browser.

Is there any way to destroy user’s session when they log out from JIRA? Maybe I can listen on some AP.event, or do anything else?

Forgive me if I don’t quite understand the problem; can’t you receive the logout webhook, and invalidate the corresponding session in your server?

Well… not really because of my authentication system specifics… It’be best to receive some sort of event in the front end, indicating that the user is no longer logged in.

The funny thing is that the AP.getUser still returns the user’s credentials even after logging out on the other tab. :slight_smile:

The AP.request('/rest/api/2/myself', ... works fine and returns the 401 when user is logged out, but it needs to be initiated by my code, so not to good as well.