Commit d646a30
committed
docs: correct logoutFromServer JSDoc with verified server behavior
The previous comment claimed the server-side logout call produces
audit log entries. Empirical verification against artemis.tum.de
(two JWTs stayed valid across multiple logout calls) and source-code
inspection of Artemis' PublicUserJwtResource.logout() show the server
handler only emits a `Set-Cookie: jwt=; Max-Age=0` header — no
blacklist, no audit log, no server-side token invalidation.
Updates the note to document the verified behavior and reference the
Artemis server file so future readers can check for themselves.1 parent e63aebc commit d646a30
1 file changed
Lines changed: 8 additions & 5 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
315 | 315 | | |
316 | 316 | | |
317 | 317 | | |
318 | | - | |
319 | | - | |
320 | | - | |
321 | | - | |
322 | | - | |
| 318 | + | |
| 319 | + | |
| 320 | + | |
| 321 | + | |
| 322 | + | |
| 323 | + | |
| 324 | + | |
| 325 | + | |
323 | 326 | | |
324 | 327 | | |
325 | 328 | | |
| |||
0 commit comments