Customer Account API integration not working when logging out from hosted pages

[adamchipperfield]

What is the location of your example repository?

No response

Which package or tool is having this issue?

Hydrogen

What version of that package or tool are you using?

2024.4.1

What version of Remix are you using?

No response

Steps to Reproduce

1. Integrate the Customer Account API into Hydrogen (see guide)
2. As a customer, log in
3. Navigate to the Shopify hosted account pages (not in Hydrogen, so https://shopify.com/store-id/account) + click log out
4. Navigate back to Hydrogen, notice that you are still in a logged in state

Expected Behavior

The Hydrogen state is logged out when the customer logs out of the hosted pages.

Actual Behavior

The customer is still logged in to Hydrogen despite logging out of hosted pages.

Note: I am making some assumptions here, such as the fact that hosted pages syncs that state to Hydrogen. If this isn't the case, shouldn't it be?

[frandiox]

I believe it is not synced with Hydrogen due to performance reasons. Otherwise Hydrogen would need to add an extra HTTP call in every single request to double check the session is still valid, instead of letting it expire naturally.

cc @blittle @juanpprieto do you remember more about this issue?

[michenly]

This is expected behaviour.

When user logout under the checkout domain, hydrogen site does not know about the logout til the user trigger a behaviour that does a Customer Account API fetch and Hydrogen will then register a logout in the UI.

Security wise this is not an issue since if an user navigate back, they are only shown the data they already fetched while login. And action that trigger a new fetch (for new data) will then trigger a logout.

@romainshopify (from Customer Account API team), I believed this is already an UX improvement that's on your radar and being prioritize?