Clear frontend browser cache when a user logs out #3738
Description
Summary
We need to fix two issues both related to logout process.
1- When a user logs out, they should not be able to access anything from the system anymore, but our current design does not enforce this. We need to implement a security mechanism to make sure that the frontend logout user upon receiving a request with status 401.
2- When the front-end is built, name of Javascript files change, if browser has cached these files, it shows a blank screen since it does not match with the newly compiled Javascript files.
Context
During the DS4ALL camp in Summer 2025, one student experienced a bug where she could still access the data and workflows but couldn't make edits to them. After checking we found that the student was logged out of the system and that caused her unable to edit the workflows. Ideally when she was logged out, she should not be able to access any data from the system. But because of the unexpected behavior, the student got confused and had to ask for help.
We want to add a security mechanism to make sure that when a user is logged out, they should not be able to access any data or workflows from Texera system -- the stored data on the browser should be wiped out right away when a user logs out. This avoids unauthorized access to users' data and also unresolved Javascript files.
Proposed Idea
We want to add a feature to ensure that when a user is logged out, the frontend cache is cleared from the browser. Further discussion is needed to decide how to implement this feature. The first order solution is to implement a push based mechanism that backend can notify front end that user is logged out.
Update Sep 30 2025
We concluded that we can use middleware mechanism (called interceptor in Angular) to always check the status of the receiving request and if it is 401, then interceptor reject and logout the user before the request reach to the other functions.