Skip to content

Commit d646a30

Browse files
committed
docs: correct logoutFromServer JSDoc with verified server behavior
The previous comment claimed the server-side logout call produces audit log entries. Empirical verification against artemis.tum.de (two JWTs stayed valid across multiple logout calls) and source-code inspection of Artemis' PublicUserJwtResource.logout() show the server handler only emits a `Set-Cookie: jwt=; Max-Age=0` header — no blacklist, no audit log, no server-side token invalidation. Updates the note to document the verified behavior and reference the Artemis server file so future readers can check for themselves.
1 parent e63aebc commit d646a30

1 file changed

Lines changed: 8 additions & 5 deletions

File tree

extension/src/extension/api/artemisApi.ts

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -315,11 +315,14 @@ export class ArtemisApiService {
315315
* re-clear auth and fire the auth-expired callback — both
316316
* pointless and confusing during an intentional logout).
317317
*
318-
* Note: Artemis uses stateless JWTs without server-side blacklisting,
319-
* so this call does not invalidate the token on the server. It merely
320-
* tells Artemis "the user intentionally logged out" (audit logs) and
321-
* returns a Set-Cookie header that clears the jwt cookie in browser
322-
* clients. For this Extension the benefit is protocol symmetry with
318+
* Note: Artemis uses strictly stateless JWTs — verified 2026-04-05 both
319+
* empirically (tokens stayed valid on /api/core/public/account after
320+
* multiple explicit logout calls) and via source: Artemis'
321+
* PublicUserJwtResource.logout() (core/web/open/PublicUserJwtResource.java)
322+
* only builds a Set-Cookie: jwt=; Max-Age=0 response header — no blacklist,
323+
* no audit log, no server-side token invalidation. This Extension manages
324+
* the JWT via VS Code secrets (not a cookie jar), so the Set-Cookie header
325+
* is discarded by fetch(). The call is kept for protocol symmetry with
323326
* the Artemis webapp.
324327
*/
325328
async logoutFromServer(): Promise<void> {

0 commit comments

Comments
 (0)