From 2a1b65df17d0fee56bcddd259eee8d398fe68a2a Mon Sep 17 00:00:00 2001
From: Michael Davis <mcarsondavis@gmail.com>
Date: Wed, 28 May 2025 12:34:51 -0400
Subject: [PATCH] Clear management auth storage when redirecting to login

This branch redirects the client to the login page when the cookie
expires. To complete the logout process we should also clear any auth
data stored in local storage: local storage has no built-in expiration
mechanism.

To test this locally you can use `make run-broker`, set the session
timeout to one minute for quick testing:

    application:set_env(rabbitmq_management, login_session_timeout, 1)

go to the management page (`http://localhost:15672/#/`), login with
default credentials and wait a minute. After this change the local
storage only contains info like `rabbitmq.vhost` and `rabbitmq.version`.
---
 deps/rabbitmq_management/priv/www/js/main.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/deps/rabbitmq_management/priv/www/js/main.js b/deps/rabbitmq_management/priv/www/js/main.js
index bfa363f57be1..0c56f1b0f890 100644
--- a/deps/rabbitmq_management/priv/www/js/main.js
+++ b/deps/rabbitmq_management/priv/www/js/main.js
@@ -1316,7 +1316,8 @@ function update_status(status) {
 
 function with_req(method, path, body, fun) {
     if(!has_auth_credentials()) {
-        // navigate to the login form
+        // Clear any lingering auth settings in local storage and navigate to the login form.
+        clear_auth();
         location.reload();
         return;
     }