User Story #572

open

Feature #533: Authentication Hum Rahi

EPIC #569: Citizen Login & Session Management

User Story 4 (BE & FE): Secure Logout & Session Clearance

Added by Islam Mansoori about 1 month ago.

Status: To Do
Priority: low
Assignee: -
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:

Description

Story: As a Citizen, I want to log out of the application, so that my data remains secure if I lend my device to someone else.

  • In-Scope:
    • "Logout" button in User Settings/Profile.
    • BE: Blacklisting/Revoking the Refresh Token in the database.
    • FE: Clearing local storage/cookies and redirecting to the Login screen.
  • Out-of-Scope: Remote logout of all devices (Global Logout).
  • Acceptance Criteria (AC):
    1. Clicking Logout must immediately invalidate the session on the server.
    2. User must be redirected to the Mobile Number entry screen (OTP screen).
    3. Browser "Back" button must not allow access to authenticated pages after logout.
  • Validation Rules:
    • N/A (Action-based).
  • Error Messages:
    • Logout Failure: "Logout failed. Please try again."
  • Definition of Done (DoD):
    • Manual verification that session tokens are nullified.
    • End-to-End (E2E) test for logout flow passing.
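A sketch of the BE side of this story, added here as an illustration and not taken from the project's code: the refresh token is revoked per device in the database, and the logout response carries the headers that clear client state. The table layout, the `refresh_token` cookie name and the `/login` route are assumptions.

```python
import hashlib, secrets, sqlite3, time

# Assumed schema: only a SHA-256 hash of each refresh token is stored.
db = sqlite3.connect(":memory:")
db.execute("""CREATE TABLE refresh_tokens (
    token_hash TEXT PRIMARY KEY, user_id TEXT NOT NULL,
    expires_at REAL NOT NULL, revoked_at REAL)""")

def _h(token):
    return hashlib.sha256(token.encode()).hexdigest()

def issue_refresh_token(user_id, ttl=3600):
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO refresh_tokens VALUES (?, ?, ?, NULL)",
               (_h(token), user_id, time.time() + ttl))
    db.commit()
    return token

def refresh_allowed(token):
    """Server-side check run on every refresh request."""
    row = db.execute("SELECT expires_at, revoked_at FROM refresh_tokens "
                     "WHERE token_hash = ?", (_h(token),)).fetchone()
    return row is not None and row[1] is None and row[0] > time.time()

def logout(token):
    """Revoke this device's token only; returns (status, headers, body)."""
    try:
        db.execute("UPDATE refresh_tokens SET revoked_at = ? "
                   "WHERE token_hash = ? AND revoked_at IS NULL",
                   (time.time(), _h(token)))
        db.commit()
    except sqlite3.Error:
        # Revocation not confirmed: do not report success to the client.
        return 500, {}, "Logout failed. Please try again."
    # Unknown or already-revoked tokens still get the clearing response.
    return 303, {
        "Location": "/login",  # assumed route of the Mobile Number screen
        "Set-Cookie": "refresh_token=; Max-Age=0; Path=/; HttpOnly; Secure",
        # Asks the browser to drop cached pages, cookies and local storage.
        "Clear-Site-Data": '"cache", "cookies", "storage"',
        "Cache-Control": "no-store",
    }, ""
```

For AC 3, authenticated pages themselves should also be served with `Cache-Control: no-store`, so the browser has nothing to show from history after logout.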
