Merge pull request #883 from pradnya-orchestral/OWASP_tokenexpiration

logout action should logout user from all tabs

Author: m4dcoder

modules/st2-api/api.js

@@ -135,13 +135,18 @@ export class API {
         server: this.server,
         token: this.token,
       }));
+      localStorage.setItem('logged_in',JSON.stringify({
+        loggedIn: true,
+      }));
     }
   }
 
   disconnect() {
     this.token = null;
     this.server = null;
     localStorage.removeItem('st2Session');
+    localStorage.removeItem('logged_in');
+
   }
 
   isConnected() {

modules/st2-menu/menu.component.js

@@ -63,9 +63,26 @@ export default class Menu extends React.Component {
     style: componentStyle,
   }
 
+  componentDidMount() {
+    window.addEventListener('storage', this.storageChange());
+  }
+
+  componentWillUnmount() {
+    window.removeEventListener('storage',this.storageChange());
+  }
+
   docsLink = 'https://docs.stackstorm.com/'
   supportLink = 'https://forum.stackstorm.com/'
 
+  storageChange () {
+    window.addEventListener('storage', (event) => {
+      if (event.key === 'logged_in' && (event.oldValue !== event.newValue)) {
+        api.disconnect();
+        window.location.reload();
+      }
+    });
+  }
+  
   handleDisconnect() {
     api.disconnect();
     window.location.reload();