fix: Clear auto-login cookie on logout#10528

Merged
Cristhianzl merged 3 commits into main from cz/clear-session-after-logout
Nov 12, 2025

@Cristhianzl Cristhianzl commented Nov 7, 2025

This pull request improves the logout process by ensuring all authentication-related cookies, including the auto-login option, are cleared on logout. It also adds a regression test to verify that users cannot remain logged in after logging out and refreshing the page when auto-login is disabled.

Authentication and session management improvements:

  • Updated cookieManager.clearAuthCookies() to also remove the LANGFLOW_AUTO_LOGIN_OPTION cookie, ensuring all relevant authentication cookies are cleared on logout.

Testing and reliability:

  • Added an end-to-end regression test to verify that users cannot log in again after logout and page refresh when auto-login is set to false.

Summary by CodeRabbit

  • Bug Fixes

    • Improved logout behavior to ensure auto-login settings are properly cleared, preventing unintended re-authentication after logout.
  • Tests

    • Added regression test to verify session data is cleared when auto-login is disabled and user logs out.

@Cristhianzl Cristhianzl self-assigned this Nov 7, 2025
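
The logout gap described in this PR, as an added example that is not code from the PR or from Langflow: an incomplete cookie sweep next to one driven by a single list, with a reload check that reports which auth cookies survive. The cookie names, the in-memory jar and the page-load rule in `isAuthenticatedOnLoad` are assumptions made for illustration.

```typescript
// Added illustration, not Langflow's source. Cookie names are constructed
// placeholders; AUTO_LOGIN_OPTION stands in for LANGFLOW_AUTO_LOGIN_OPTION.
type CookieJar = Map<string, string>;

const ACCESS_TOKEN = "example_access_token";
const REFRESH_TOKEN = "example_refresh_token";
const AUTO_LOGIN_OPTION = "example_auto_login_option";

// Single source of truth: every cookie that can influence auth state.
const AUTH_COOKIES: readonly string[] = [ACCESS_TOKEN, REFRESH_TOKEN, AUTO_LOGIN_OPTION];

// "Before": the sweep removes the tokens but forgets the preference cookie.
function clearAuthCookiesIncomplete(jar: CookieJar): void {
  jar.delete(ACCESS_TOKEN);
  jar.delete(REFRESH_TOKEN);
}

// "After": the sweep iterates the full list, so nothing auth-related survives.
function clearAuthCookies(jar: CookieJar): void {
  for (const name of AUTH_COOKIES) jar.delete(name);
}

// Assumed page-load check: a token, or a surviving auto-login flag, restores
// the session. The real client logic is not shown on the page.
function isAuthenticatedOnLoad(jar: CookieJar): boolean {
  return jar.has(ACCESS_TOKEN) || jar.get(AUTO_LOGIN_OPTION) === "auto";
}

interface LogoutResult {
  authenticated: boolean; // state seen after logout + page refresh
  leftover: string[];     // auth cookies that outlived the logout
}

// Regression check: log in, log out with the given sweep, then "reload".
function reloadAfterLogout(clear: (jar: CookieJar) => void): LogoutResult {
  const jar: CookieJar = new Map([
    [ACCESS_TOKEN, "constructed-token"],
    [REFRESH_TOKEN, "constructed-refresh"],
    [AUTO_LOGIN_OPTION, "auto"],
    ["theme", "dark"], // unrelated preference, must survive logout
  ]);
  clear(jar);
  return {
    authenticated: isAuthenticatedOnLoad(jar),
    leftover: AUTH_COOKIES.filter((name) => jar.has(name)),
  };
}

console.log(reloadAfterLogout(clearAuthCookiesIncomplete), reloadAfterLogout(clearAuthCookies));
```

Asserting that `leftover` is empty is a unit-level complement to the end-to-end reload test: it fails as soon as a new auth-related cookie is introduced without being added to the sweep list.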

coderabbitai Bot commented Nov 7, 2025

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

The PR integrates centralized cookie management into the logout flow, ensuring that LANGFLOW_AUTO_LOGIN_OPTION is cleared alongside other authentication cookies. It adds a regression test verifying that users cannot re-login after logout when auto-login is disabled.

Changes

Cohort / File(s) | Change Summary
Auth Cookie Management (src/frontend/src/stores/authStore.ts, src/frontend/src/utils/cookie-manager.ts) | Integrates cookieManager.clearAuthCookies() into the logout flow and extends clearAuthCookies() to remove LANGFLOW_AUTO_LOGIN_OPTION alongside existing auth cookies.
Regression Testing (src/frontend/tests/core/regression/general-bugs-remove-session-after-logout.spec.ts) | Adds test scenario verifying that users cannot re-login after logout when auto-login is disabled, including mocked API failures and page reload assertions.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

  • Auth cookie changes: Simple logic additions but require verification that cookie clearing aligns across authStore and cookie-manager utilities
  • Regression test: Requires understanding the test scenario, API mocking strategy, and the assertions for post-logout state validation after page reload

Possibly related PRs

Suggested reviewers

  • lucaseduoli
  • mfortman11

Pre-merge checks and finishing touches

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 3 inconclusive)
Check name | Status | Explanation | Resolution
Test Coverage For New Implementations | ❌ Error | The PR adds a regression test but lacks unit tests for the modified cookie-manager utility function and authStore logout changes. | Add unit tests for cookieManager.clearAuthCookies() to verify LANGFLOW_AUTO_LOGIN_OPTION removal and unit tests for authStore logout function verification.
Test Quality And Coverage | ❓ Inconclusive | Test file src/frontend/tests/core/regression/general-bugs-remove-session-after-logout.spec.ts could not be located, and no unit tests for clearAuthCookies() or test infrastructure configuration were found. | Verify test file exists in PR and provide its content. Confirm project's test framework (Playwright, Vitest, Jest) setup and examine test cases for coverage of logout and session clearing scenarios.
Test File Naming And Structure | ❓ Inconclusive | The test file referenced in the PR summary could not be located in the repository after extensive searching. | Provide the actual test file content or verify it has been committed to the repository to validate naming conventions, structure, and coverage.
Excessive Mock Usage Warning | ❓ Inconclusive | Test file could not be located in repository to assess mock usage patterns. | Verify test file path and location, then review mock implementations for appropriateness and necessity in the test design.
✅ Passed checks (3 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title 'fix: Clear auto-login cookie on logout' directly and accurately describes the main objective of the PR—ensuring the auto-login cookie is cleared when users log out.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

@github-actions github-actions Bot added the bug Something isn't working label Nov 7, 2025
@Cristhianzl Cristhianzl enabled auto-merge November 7, 2025 09:50
@github-actions github-actions Bot added bug Something isn't working and removed bug Something isn't working labels Nov 7, 2025

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
src/frontend/tests/core/regression/general-bugs-remove-session-after-logout.spec.ts (1)

56-57: Replace fixed timeout with deterministic wait

A hard waitForTimeout(1000) risks flakiness. Please wait for a specific logout signal instead—e.g., the sign-in prompt reappearing—before triggering the reload.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 403b939 and 9d62813.

📒 Files selected for processing (3)
  • src/frontend/src/stores/authStore.ts (2 hunks)
  • src/frontend/src/utils/cookie-manager.ts (2 hunks)
  • src/frontend/tests/core/regression/general-bugs-remove-session-after-logout.spec.ts (1 hunks)
🧰 Additional context used
📓 Path-based instructions (4)
src/frontend/src/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/frontend_development.mdc)

src/frontend/src/**/*.{ts,tsx,js,jsx}: All frontend TypeScript and JavaScript code should be located under src/frontend/src/ and organized into components, pages, icons, stores, types, utils, hooks, services, and assets directories as per the specified directory layout.
Use React 18 with TypeScript for all UI components in the frontend.
Format all TypeScript and JavaScript code using the make format_frontend command.
Lint all TypeScript and JavaScript code using the make lint command.

Files:

  • src/frontend/src/utils/cookie-manager.ts
  • src/frontend/src/stores/authStore.ts
src/frontend/src/utils/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/frontend_development.mdc)

All utility functions should be placed in the utils directory.

Files:

  • src/frontend/src/utils/cookie-manager.ts
src/frontend/**/*.@(test|spec).{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/testing.mdc)

src/frontend/**/*.@(test|spec).{ts,tsx,js,jsx}: Frontend test files should be located in 'src/frontend/' and use '.test.{ts,tsx,js,jsx}' or '.spec.{ts,tsx,js,jsx}' extensions.
Test both sync and async code paths in frontend test files.
Mock external dependencies appropriately in frontend test files to isolate unit tests from external services.
Test error handling and edge cases in frontend test files.
Validate input/output behavior and test component initialization and configuration in frontend test files.
Each frontend test should have a clear description or comment explaining its purpose, especially for complex setups or mocks.

Files:

  • src/frontend/tests/core/regression/general-bugs-remove-session-after-logout.spec.ts
src/frontend/src/stores/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/frontend_development.mdc)

Use Zustand for state management in frontend stores.

Files:

  • src/frontend/src/stores/authStore.ts
🧬 Code graph analysis (2)
src/frontend/src/utils/cookie-manager.ts (1)
src/frontend/src/constants/constants.ts (1)
  • LANGFLOW_AUTO_LOGIN_OPTION (864-864)
src/frontend/src/stores/authStore.ts (1)
src/frontend/src/utils/cookie-manager.ts (1)
  • cookieManager (79-79)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (43)
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 36/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 40/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 34/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 39/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 31/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 35/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 38/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 37/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 33/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 29/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 32/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 30/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 25/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 28/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 24/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 23/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 27/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 26/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 22/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 21/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 20/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 15/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 17/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 19/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 7/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 18/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 10/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 16/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 12/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 9/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 11/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 13/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 14/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 8/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 6/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 4/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 5/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 2/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 3/40
  • GitHub Check: Run Frontend Tests / Playwright Tests - Shard 1/40
  • GitHub Check: Test Docker Images / Test docker images
  • GitHub Check: Run Frontend Unit Tests / Frontend Jest Unit Tests
  • GitHub Check: Test Starter Templates
🔇 Additional comments (2)
src/frontend/src/stores/authStore.ts (1)

36-36: Centralized cookie cleanup looks solid

Making logout call cookieManager.clearAuthCookies() keeps the store logic slim while ensuring the auto-login preference goes out with the rest of the auth cookies. Nice tidy-up.

src/frontend/src/utils/cookie-manager.ts (1)

71-76: Completes the auth cookie sweep

Including LANGFLOW_AUTO_LOGIN_OPTION here keeps all logout cleanup centralized in one place—exactly what we want.


@lucaseduoli lucaseduoli left a comment

lgtm

@github-actions github-actions Bot added the lgtm This PR has been approved by a maintainer label Nov 7, 2025
@github-actions github-actions Bot added bug Something isn't working and removed bug Something isn't working labels Nov 10, 2025

github-actions Bot commented Nov 10, 2025

Frontend Unit Test Coverage Report

Coverage Summary

Lines | Statements | Branches | Functions
Coverage: 15% | 14.66% (3957/26980) | 7.45% (1533/20562) | 8.99% (532/5914)

Unit Test Results

Tests | Skipped | Failures | Errors | Time
1588 | 0 💤 | 0 ❌ | 0 🔥 | 19.147s ⏱️


codecov Bot commented Nov 10, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 39.35%. Comparing base (7b84a7e) to head (cff06a9).
⚠️ Report is 2 commits behind head on main.

❌ Your project status has failed because the head coverage (39.36%) is below the target coverage (60.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #10528      +/-   ##
==========================================
+ Coverage   31.55%   39.35%   +7.80%     
==========================================
  Files        1329     1478     +149     
  Lines       60294    82196   +21902     
  Branches     9023     8987      -36     
==========================================
+ Hits        19025    32352   +13327     
- Misses      40358    48938    +8580     
+ Partials      911      906       -5     
Flag | Coverage Δ
frontend | 13.56% <100.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown.

Files with missing lines | Coverage Δ
src/frontend/src/stores/authStore.ts | 95.45% <100.00%> (+0.21%) ⬆️
src/frontend/src/utils/cookie-manager.ts | 89.28% <100.00%> (+0.39%) ⬆️

... and 293 files with indirect coverage changes

@Cristhianzl Cristhianzl added lgtm This PR has been approved by a maintainer and removed lgtm This PR has been approved by a maintainer labels Nov 12, 2025
@github-actions github-actions Bot added bug Something isn't working and removed bug Something isn't working labels Nov 12, 2025
@Cristhianzl Cristhianzl added this pull request to the merge queue Nov 12, 2025
Merged via the queue into main with commit 537e096 Nov 12, 2025
80 of 84 checks passed
@Cristhianzl Cristhianzl deleted the cz/clear-session-after-logout branch November 12, 2025 12:23