igny8/LOGOUT-DEBUGGING-QUICK-REF.md

# Logout Debugging - Quick Reference

## 🚀 Quick Deploy

```bash
cd /data/app/igny8
./scripts/deploy-logout-debugging.sh
```

## 🔍 What to Watch

### Console Logs (Every 30 seconds)
```
[TokenMonitor] ℹ️ Access token: 45 minutes until expiry
[TokenMonitor] ℹ️ Refresh token: 19 days, 12 hours until expiry
```

### When Logout Happens
```
[LogoutTracker] 🚨 Logout triggered
[LogoutTracker] Type: TOKEN_EXPIRED
[LogoutTracker] Message: [Exact reason]
[LogoutTracker] Idle time: 23 minutes
```

## 🛠️ Debug Tools

### Debug Panel
- **Open:** Press `Ctrl+Shift+D` or click 🔍 button
- **Shows:** Auth status, token expiry, recent logouts
- **Action:** "Log Full State to Console" button

### Browser Console Commands
```javascript
// Get token status
window.__tokenMonitor.getTokenStatus()

// Get logout history
JSON.parse(localStorage.getItem('logout_history') || '[]')

// Get last logout reason
sessionStorage.getItem('last_logout_reason')

// Check auth state
JSON.parse(localStorage.getItem('auth-storage'))
```

### Backend Logs
```bash
# Watch for logout events
docker logs -f igny8-backend | grep "LOGOUT EVENT"

# Check all auth activity
docker logs igny8-backend | grep -E "LOGOUT|TOKEN|AUTH"
```

## 📊 What Data Tells Us

### If `Type: TOKEN_EXPIRED`
- Token actually expired OR
- Code incorrectly checking expiry
- **Check:** Token status in logs - was it really expired?

### If `Type: REFRESH_FAILED`
- Refresh endpoint returned 401
- RefreshToken model rejecting valid token OR
- Backend bug
- **Check:** Backend logs for refresh endpoint errors

### If `Type: AUTH_ERROR`
- 403/402 error triggered logout (shouldn't happen)
- Error classification bug in api-new.ts
- **Check:** Network tab for failed API calls before logout

### If `Type: UNKNOWN`
- JavaScript error OR
- Browser extension OR
- Multi-tab coordination issue
- **Check:** Console for JS errors, test in incognito

## ⏱️ Expected Timeline

### With Remember Me = True:
```
T+0:     Login → Access: 60min, Refresh: 20d
T+60min: Auto-refresh → Access: 60min, Refresh: ~19d 23h
T+120min: Auto-refresh → Access: 60min, Refresh: ~19d 22h
...continues until refresh token expires after 20 days...
T+20d:   Logout → Type: REFRESH_FAILED
```

### Bug Scenario (What We're Debugging):
```
T+0:     Login → Access: 60min, Refresh: 20d
T+25min: 🚨 LOGOUT → Access: 35min left, Refresh: 19d 23h left
         ^ This is the bug! Tokens still valid but logout occurred
```

## 🎯 Critical Data Points

When logout happens, capture:

1. **Type:** USER_ACTION | TOKEN_EXPIRED | REFRESH_FAILED | AUTH_ERROR | UNKNOWN
2. **Idle Minutes:** How long user was inactive
3. **Access Token Status:** Time remaining (from TokenMonitor logs)
4. **Refresh Token Status:** Time remaining (from TokenMonitor logs)
5. **Location:** Which page user was on
6. **Last API Call:** Check Network tab
7. **Console Errors:** Any JavaScript errors
8. **Backend Logs:** What backend received

## 📍 Where to Find Data

| Data Point | Location |
|------------|----------|
| Token status logs | Browser Console (every 30s) |
| Logout event details | Browser Console (when logout) |
| Visual alert | Modal overlay (3 sec before redirect) |
| Logout reason | Signin page banner |
| Backend logs | `docker logs igny8-backend` |
| Logout history | Debug Panel (Ctrl+Shift+D) |
| Full state | Debug Panel → "Log Full State" |

## 🔧 Common Issues

### No console logs?
```javascript
// Check if monitor started
window.__tokenMonitor
// Should return: TokenExpiryMonitor { ... }
```

### No alert before logout?
```javascript
// Check if tracker loaded
localStorage.getItem('logout_history')
// Should return: JSON array
```

### Backend not receiving events?
```bash
# Test endpoint
curl -X POST http://localhost:8000/api/v1/auth/logout-event/ \
  -H "Content-Type: application/json" \
  -d '{"type":"TEST","message":"test"}'
```

### No banner on signin page?
```javascript
// Check if reason stored
sessionStorage.getItem('last_logout_reason')
// Should return: JSON object after logout
```

## 📝 Test Procedure

1. **Login** with "Remember me for 20 days" checked
2. **Open** Browser DevTools (F12) → Console tab
3. **Verify** Token monitor logs every 30 seconds
4. **Wait** 25+ minutes (can minimize, but keep tab open)
5. **Watch** for logout event in console
6. **Capture** all data:
   - Console screenshot
   - Network tab screenshot
   - Backend logs: `docker logs igny8-backend | tail -50`
7. **Check** signin page for logout banner
8. **Analyze** collected data to identify root cause

## 📞 Support Data Export

If issue persists, export:

```javascript
// 1. Token status
copy(JSON.stringify(window.__tokenMonitor.getTokenStatus(), null, 2))

// 2. Logout history
copy(localStorage.getItem('logout_history'))

// 3. Last logout reason
copy(sessionStorage.getItem('last_logout_reason'))

// 4. Full auth state
copy(localStorage.getItem('auth-storage'))
```

```bash
# 5. Backend logs
docker logs igny8-backend > backend-logs.txt
```

## 🎉 Success Criteria

After identifying root cause and fixing:

- [x] User logs in with remember_me=true
- [x] User can idle for 25+ minutes without logout
- [x] Access token auto-refreshes after 1 hour
- [x] Logout only occurs at 20 days (refresh token expiry)
- [x] Console logs confirm: "Access: 35min, Refresh: 19d 23h" at T+25min
- [x] No unexpected logout events in history

---

**Full Documentation:** See `LOGOUT-DEBUGGING-COMPLETE-SUMMARY.md`
**Deployment Guide:** See `LOGOUT-DEBUGGING-DEPLOYMENT.md`