🐛 Logs out previously logged in users to avoid authentication issues with the cookie which is passed in all subdomains

[GitHK]

What do these changes do?

After #6484 was merged it became obvious that we need to logout users. Current functionality does not allow us to logout users which do not have running services or a running frontend at the moment when the maintenance page is put up.

To avoid issues, the cookie name was changed and the old cookie is also removed.

NOTE: tried multiple ways to delete the session cookie but it appears to be impossible:

• removing the cookie via del_cookie and name does not work
• using a header does not work
• using max-age or expires fields does not work

Any ideas are here are welcomed.

Related issue/s

How to test

Dev-ops checklist

• No ENV changes or I properly updated ENV (read the instruction)

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 86.1%. Comparing base (cafbf96) to head (e439438).
Report is 627 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff            @@
##           master   #6507      +/-   ##
=========================================
+ Coverage    84.5%   86.1%    +1.5%     
=========================================
  Files          10    1540    +1530     
  Lines         214   63138   +62924     
  Branches       25    2058    +2033     
=========================================
+ Hits          181   54372   +54191     
- Misses         23    8463    +8440     
- Partials       10     303     +293     

Flag	Coverage Δ
unittests	86.1% <100.0%> (+1.5%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
...ings-library/src/settings_library/utils_session.py	44.4% <100.0%> (ø)

... and 1489 files with indirect coverage changes

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[matusdrobuliak66]

👍 Did the change of cookie name helped? or still needs to be tested after deploy?

[pcrespov]

I am not sure this is needed. An easier way to invalidate all cookies is to change the SESSION_SECRET_KEY

Moreover, NOTE that logging out a use is achieved by removing the auth token within the cookie not necessarily removing the entire cookie!

Let's check this when you are back :-)

[GitHK]

I am not sure this is needed. An easier way to invalidate all cookies is to change the SESSION_SECRET_KEY

Moreover, NOTE that logging out a use is achieved by removing the auth token within the cookie not necessarily removing the entire cookie!

Let's check this when you are back :-)

So this approach seems to work. Tested locally. We can regenerate the env var WEBSERVER_SESSION_SECRET_KEY on all deployments to logout users. I will go for this approach.

[sanderegg]

not sure I get what this is about.

[YuryHrytsuk]

Could you explain why do we need a new name?

[GitHK]

we do not currently. Forgot to close the PR

[GitHK]

will rotate credentials instead of renaming cookie