Clean-Up "Identity.Application" cookie properly

[simon-wacker]

Currently, the cookie is added in

metabase/backend/src/GraphQl/Users/UserMutations.cs

Line 201 in 92a29b6

var signInResult = await signInManager.PasswordSignInAsync(

, used in

metabase/backend/src/Controllers/AuthorizationController.cs

Line 153 in 92a29b6

var result = await AuthenticateAsync(AuthConfiguration.IdentityConstantsApplicationScheme).ConfigureAwait(false);

, and deleted in

metabase/backend/src/Controllers/AuthorizationController.cs

Line 363 in 92a29b6

return await DoSignIn(principal).ConfigureAwait(false);

and

metabase/backend/src/Controllers/AuthorizationController.cs

Line 373 in 92a29b6

await _signInManager.SignOutAsync().ConfigureAwait(false);

. In the user interface, this corresponds to navigating to /connect/authorize, being redirected to the login screen in which user name and password is entered, creating the cookie through the GraphQL endpoint, getting redirected to the consent page, and pressing the buttons accept or deny. If the user does not press accept or deny but just navigates to some other page, then the cookie is never deleted. It will stay as long as session cookies live in the user's web browser or until the user does another login attempt and presses accept or deny buttons.