Clear management auth storage when redirecting to login

the-mikedavis · mergify[bot] · commit ed2e1a11a4b2 · 2025-05-29T05:58:10.000Z
This branch redirects the client to the login page when the cookie expires. To complete the logout process we should also clear any auth data stored in local storage: local storage has no built-in expiration mechanism. To test this locally you can use `make run-broker`, set the session timeout to one minute for quick testing: application:set_env(rabbitmq_management, login_session_timeout, 1) go to the management page (`http://localhost:15672/#/`), login with default credentials and wait a minute. After this change the local storage only contains info like `rabbitmq.vhost` and `rabbitmq.version`. (cherry picked from commit 2a1b65d)
diff --git a/deps/rabbitmq_management/priv/www/js/main.js b/deps/rabbitmq_management/priv/www/js/main.js
@@ -1316,7 +1316,8 @@ function update_status(status) {
 
 function with_req(method, path, body, fun) {
     if(!has_auth_credentials()) {
-        // navigate to the login form
+        // Clear any lingering auth settings in local storage and navigate to the login form.
+        clear_auth();
         location.reload();
         return;
     }

Original file line number	Diff line number	Diff line change
`@@ -1316,7 +1316,8 @@ function update_status(status) {`
`1316`	`1316`
`1317`	`1317`	`function with_req(method, path, body, fun) {`
`1318`	`1318`	`if(!has_auth_credentials()) {`
`1319`		`- // navigate to the login form`
	`1319`	`+ // Clear any lingering auth settings in local storage and navigate to the login form.`
	`1320`	`+ clear_auth();`
`1320`	`1321`	`location.reload();`
`1321`	`1322`	`return;`
`1322`	`1323`	`}`