Sign Out Feature Does Not Terminate Session Properly


**Environment:**

- Browser: Chrome Version 139.0.7258.139
- OS: Windows 11

**Preconditions:**

User account exists with valid credentials.

**Steps to Reproduce:**

- Log in with valid credentials.
- Click the “Sign Out” button.
- After logout, open page source.
- Manually delete "div" containing the “Log In” button.
- Delete "div" with gray background overlay.
- Attempt to remove an existing patient record.

**Expected Result:**
After logging out, the session should be fully terminated.

User should be redirected to login page.

Application should prevent any interaction or content modification without valid authentication.

**Actual Result:**
User can still interact with and edit page content after logging out by manipulating the DOM, indicating that logout only hides the UI instead of fully ending the session.


**Notes/Suggestions:**

Ensure server-side session is invalidated upon logout.

Protect endpoints with authentication checks (not just UI restrictions).

<img width="3675" height="1889" alt="Image" src="https://github.com/user-attachments/assets/38c39336-7528-4205-a7fe-d2d0ce74d106" />

<img width="3540" height="1906" alt="Image" src="https://github.com/user-attachments/assets/29af17de-2b25-4d72-91ba-d3c420c6854d" />

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Sign Out Feature Does Not Terminate Session Properly #379

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Sign Out Feature Does Not Terminate Session Properly #379

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions