Fix the customer account implementation to clear all session data on logout #2843

Merged
merged 1 commit into from
Apr 24, 2025

@blittle blittle commented Apr 8, 2025

WHY are these changes introduced?

The logout method on the customer account API abstraction does not clear all session data. It only clears customer account API-related data. This means if the user attaches any custom data to the session, it will bleed across customer account logins.

WHAT is this pull request doing?

This fixes the logout method to destroy the whole session, preventing any data from bleeding. If for some reason users want to keep custom data in the session, they can pass keepSession: true to the logout method:

export async function action({context}: ActionFunctionArgs) {
  return context.customerAccount.logout({
    keepSession: true
  });
}

HOW to test your changes?

  1. Add something to the session inside the customer account pages. For example, on the account.profile.tsx page, add context.session.set('test', 'test ' + new Date().toISOString()); to the action.
  2. Log into the app locally
  3. Update the profile, so that the action is called and a field is put into the session
  4. Log out
  5. Make sure the session is cleared
  6. Try again with keepSession: true, and make sure the session is persisted.

Post-merge steps

Checklist

  • I've read the Contributing Guidelines
  • I've considered possible cross-platform impacts (Mac, Linux, Windows)
  • I've added a changeset if this PR contains user-facing or noteworthy changes
  • I've added tests to cover my changes
  • I've added or updated the documentation
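
An added illustration of the bleed described in this pull request, not code from the pull request or from Hydrogen: `DemoSession`, the key names and both logout functions are hypothetical, and it assumes that `keepSession: true` still removes the account layer's own keys.

```typescript
// Added illustration: a minimal in-memory session, not Hydrogen's implementation.
// Every key name and value below is constructed for the example.

// Hypothetical keys owned by the customer account layer.
const ACCOUNT_KEYS: string[] = ['customerAccount.accessToken', 'customerAccount.idToken'];

class DemoSession {
  private data: Map<string, string> = new Map<string, string>();
  set(key: string, value: string): void { this.data.set(key, value); }
  get(key: string): string | undefined { return this.data.get(key); }
  unset(key: string): void { this.data.delete(key); }
  destroy(): void { this.data.clear(); }
  keys(): string[] { return Array.from(this.data.keys()); }
}

// Before: only the account layer's own keys are removed, so anything the
// application stored for this customer survives into the next login.
function logoutClearingAccountKeysOnly(session: DemoSession): void {
  for (const key of ACCOUNT_KEYS) session.unset(key);
}

// After: the whole session is destroyed unless the caller opts out.
// Assumption: with keepSession the account keys are still removed.
function logout(session: DemoSession, options: {keepSession?: boolean} = {}): void {
  if (options.keepSession) {
    logoutClearingAccountKeysOnly(session);
    return;
  }
  session.destroy();
}

// Customer A logs in, an action stores custom data, A logs out, then
// customer B logs in on the same session. Returns the keys B's session holds.
function keysVisibleToNextCustomer(doLogout: (s: DemoSession) => void): string[] {
  const session = new DemoSession();
  session.set('customerAccount.accessToken', 'token-for-A'); // constructed value
  session.set('test', 'profile data written by A'); // custom application data
  doLogout(session);
  session.set('customerAccount.accessToken', 'token-for-B'); // B logs in
  return session.keys().sort();
}
```
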

shopify bot commented Apr 8, 2025

Oxygen deployed a preview of your bl-customer-account-destroy-session branch. Details:

| Storefront | Status | Preview link | Deployment details | Last update (UTC) |
| --- | --- | --- | --- | --- |
| metaobjects | ✅ Successful (Logs) | Preview deployment | Inspect deployment | April 8, 2025 9:01 PM |
| custom-cart-method | ✅ Successful (Logs) | Preview deployment | Inspect deployment | April 8, 2025 9:01 PM |
| Skeleton (skeleton.hydrogen.shop) | ✅ Successful (Logs) | Preview deployment | Inspect deployment | April 8, 2025 9:01 PM |
| third-party-queries-caching | ✅ Successful (Logs) | Preview deployment | Inspect deployment | April 8, 2025 9:01 PM |
| classic-remix | ✅ Successful (Logs) | Preview deployment | Inspect deployment | April 8, 2025 9:01 PM |

Learn more about Hydrogen's GitHub integration.

@juanpprieto juanpprieto left a comment

Nice work

@blittle blittle merged commit f80f3bc into main Apr 24, 2025
12 checks passed
@blittle blittle deleted the bl-customer-account-destroy-session branch April 24, 2025 19:13