EDM-2612: Logout method in OCP is POST. Remove cookie on logout

[celdrake]

Fixes issues on logout:

1. Cookie not being cleared - this works on Chrome but it doesn't seem to work on Firefox however
2. An error from OpenShift related to GET /logout not being allowed.

Summary by CodeRabbit

• Bug Fixes

  • Session cookies are now reliably cleared on logout; the browser is instructed to remove cookie data.

• Improvements

  • Cookie security attributes now adapt to deployment (Secure flag applied appropriately).
  • OpenShift logout flow simplified — the proxy now handles cookie clearing without external discovery calls.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Updates to authentication cookie handling and OpenShift logout behavior: session cookie clearing now sets MaxAge -1 and sends Clear-Site-Data header; setCookie computes a local secure flag. OpenShift logout discovery and remote /logout call were removed; function now returns an empty URL and nil error.

Changes

Cohort / File(s)	Change Summary
Cookie handling and session management proxy/auth/common.go	setCookie now computes a local secure flag (config.TlsCertPath != "") for the cookie Secure attribute. clearSessionCookie now clears the session cookie by setting MaxAge = -1 and adds a Clear-Site-Data header. clearPKCEVerifierCookie keeps SameSite as Lax.
Logout flow simplification proxy/auth/openshift.go	Removed the OpenShift logout discovery and HTTP call logic that built and returned an issuer /logout URL. The function now returns an empty URL and nil error; unused imports related to the removed logic were dropped.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Review clearSessionCookie to ensure correct header value and cookie attributes across environments.
• Verify removal of issuer /logout call aligns with intended logout behavior and documentation.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly addresses the two main objectives: removing cookies on logout and fixing the OpenShift POST logout method issue. It clearly summarizes the primary changes without being vague or overly broad.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 509253b and 0c2151e.

📒 Files selected for processing (2)

• proxy/auth/common.go (2 hunks)
• proxy/auth/openshift.go (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• proxy/auth/openshift.go
• proxy/auth/common.go

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: integration-tests
• GitHub Check: Build
• GitHub Check: Build ocp plugin
• GitHub Check: Lint

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}