Implement pub sub solution for single logout

I am new to pubsub but I believe it’s the best way to deal with a problem I have in my applications.

Context:

I have multiple web applications. Each one with its own domain.
As an example:

application1.com
application2.com
application3.com

When a user completes a login in any of those applications, the SSO preserves the session if the user navigates to another application.

Let’s say user Jon did a login in application1.com.
If Jon navigates to application2.com, the session will be generated for this application.
For Jon it looks like the session was already there, so no UX friction.

Now I want to do the same with the logout, but for a different case.

We have a dashboard application that is able to execute a logout for a specific user. Let’s say an admin needs to close Jon’s session in every application.

For this case I think I can use pubsub to notify the applications when they have to log out the user.

This is basically because the session is based on cookies, but cookies are specific to each site, so executing a logout in application2.com is an exclusive operation and the other applications don’t know about it.

Also, we use a load balancer to move the user session between multiple instances in our backend, and the ID of that session is stored in a cookie. That’s why the dashboard cannot know where the session of the user is at any time, as the session is constantly being moved.

So I designed the following solution:

possible solution

What do you think about this? Am I correct?

The most important thing for me here is that applications where the user is guest (NO SESSION ACTIVE) should not execute logout after the user does a login.

In the image, in app 3 I expect that after login, the app shouldn’t attempt to log out the user.
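
The requirement in the question (a forced logout must not hit a session the user opens afterwards, as in app 3), as an added example that is not part of the original post: each logout event carries an issue time, and an application drops only sessions created before it. `Broker`, `App`, `admin_force_logout` and the event fields are hypothetical names, and the logical clock stands in for a timestamp issued by one trusted source such as the SSO.

```python
import itertools
from dataclasses import dataclass, field

_clock = itertools.count(1)  # constructed logical clock so the example is deterministic

@dataclass
class Broker:
    """Minimal in-process stand-in for a pub/sub topic (assumption, not a real broker API)."""
    subscribers: list = field(default_factory=list)

    def subscribe(self, handler):
        self.subscribers.append(handler)

    def publish(self, event):
        for handler in self.subscribers:
            handler(event)

@dataclass
class App:
    """One web application with its own cookie-scoped session store."""
    domain: str
    sessions: dict = field(default_factory=dict)    # user_id -> session creation time
    revoked_at: dict = field(default_factory=dict)  # user_id -> newest logout event time

    def login(self, user_id):
        self.sessions[user_id] = next(_clock)

    def on_logout_event(self, event):
        # Events can be redelivered or arrive late, so keep only the newest time.
        user, ts = event["user_id"], event["issued_at"]
        self.revoked_at[user] = max(ts, self.revoked_at.get(user, 0))
        # Drop only sessions created before the event; a guest has nothing to drop.
        if self.sessions.get(user, ts + 1) <= ts:
            del self.sessions[user]

    def is_authenticated(self, user_id):
        # Checked on every request, so any backend instance enforces the revocation.
        created = self.sessions.get(user_id)
        return created is not None and created > self.revoked_at.get(user_id, 0)

def admin_force_logout(broker, user_id):
    """Dashboard side: publish one event without knowing where the sessions live."""
    event = {"type": "user.logout", "user_id": user_id, "issued_at": next(_clock)}
    broker.publish(event)
    return event
```

Because the comparison is between session creation time and event time, a redelivered or delayed logout event is harmless to a session created after it.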
