web client: Need to clear out last patron data at end of session

Bug #1527694 reported by Kathy Lussier
This bug affects 3 people
Affects: Evergreen
Status: Fix Released
Importance: Medium
Assigned to: Unassigned
Milestone:

Bug Description

If I walk away from web client testing for a few days or even weeks and then select the "Retrieve Last Patron" action, I will successfully retrieve the last patron record that has been accessed in my browser. This raises patron privacy concerns. The eg.circ.last_patron data should only be stored for a session so that it is no longer obtainable once staff has either logged out of the client or has been automatically logged out due to inactivity.

Revision history for this message
Bill Erickson (berick) wrote :

Here's code to store the last retrieved patron ID in a cookie instead of localStorage so that the value can gracefully disappear when exiting the browser.

This adds a new angular-cookies dependency. (ngCookies was avoided in the 1.3 days because it was incomplete. 1.5-era ngCookies works as expected). We'll also need ngCookies for storing the auth token for similar reasons.

http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/berick/lp1527694-webstaff-clear-last-patron

tags: added: pullrequest
Bill Erickson (berick)
Changed in evergreen:
status: New → Confirmed
Revision history for this message
Galen Charlton (gmc) wrote :

Upon reading the patch, it looks like it handles one use case (closing the browser), but not the one stated in the original description: the cookie is not removed when logging out from the staff interface.

Revision history for this message
Bill Erickson (berick) wrote :

Good catch, Galen. I'm guessing there will be other cached values that will need to be removed during logout.

Possible solution... Add support for a "I am private, remove me during logout" flag to egHatch.setItem(...). When the flag is set, values are stored as session cookies only (no localStorage or Hatch storage). egHatch gets a new cleanup function, called during logout, which removes all 'private' values. This way values are cleaned if the user logs out or closes the browser without logging out.

Revision history for this message
Bill Erickson (berick) wrote :

Or just a separate API: egHatch.setLoginItem(), egHatch.getLoginItem(), egHatch.clearLoginItems().

Revision history for this message
Bill Erickson (berick) wrote :

Code for the above proposal pushed to the same branch:

http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/berick/lp1527694-webstaff-clear-last-patron

New stuff:

egHatch.setLoginItem()
egHatch.getLoginItem()
egHatch.removeLoginItem()
egHatch.clearLoginItems()
egHatch.getLoginKeys()

"Login" items are essentially tracked cookies. We track them so we can delete them during logout.

"Retrieve last patron" data is now stored as a "Login" item.

The auth code has also been updated to store auth tokens and auth time values as "Login" items, so that auth tokens will disappear when the browser is closed. (I thought there was a LP bug for this, but I'm not seeing it..)
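
The tracked-cookie idea described in the comment above, as an added example that is not part of the original thread and is not Evergreen's egHatch code. The class names, the registry cookie name and the in-memory cookie jar (a stand-in for the browser cookie store so the sketch runs under Node) are assumptions.

```javascript
// Added example with hypothetical names; not the egHatch implementation.
// FakeCookieJar stands in for the browser cookie store.
class FakeCookieJar {
  constructor() { this.cookies = new Map(); }
  // expires === undefined marks a session cookie (dropped on browser close).
  set(name, value, expires) { this.cookies.set(name, { value, expires }); }
  get(name) { const c = this.cookies.get(name); return c ? c.value : undefined; }
  remove(name) { this.cookies.delete(name); }
  closeBrowser() {
    for (const [name, c] of this.cookies) {
      if (c.expires === undefined) this.cookies.delete(name);
    }
  }
}

const KEYS_COOKIE = 'login.session.keys'; // constructed registry cookie name

class LoginSessionStore {
  constructor(jar) { this.jar = jar; }
  // The registry is itself a session cookie listing every tracked key.
  getKeys() {
    const raw = this.jar.get(KEYS_COOKIE);
    return raw ? JSON.parse(raw) : [];
  }
  setItem(key, value) {
    // No expiry is passed: the value lives in a session cookie only,
    // never in localStorage, so it cannot outlive the browser.
    this.jar.set(key, JSON.stringify(value));
    const keys = this.getKeys();
    if (!keys.includes(key)) {
      keys.push(key);
      this.jar.set(KEYS_COOKIE, JSON.stringify(keys));
    }
  }
  getItem(key) {
    const raw = this.jar.get(key);
    return raw === undefined ? null : JSON.parse(raw);
  }
  removeItem(key) {
    this.jar.remove(key);
    const keys = this.getKeys().filter((k) => k !== key);
    this.jar.set(KEYS_COOKIE, JSON.stringify(keys));
  }
  // Call from both the explicit logout path and the inactivity timeout.
  clearItems() {
    for (const key of this.getKeys()) this.jar.remove(key);
    this.jar.remove(KEYS_COOKIE);
  }
}
```

Because the registry is stored the same way as the values, a logout in one tab clears items set from another tab that shares the cookie store.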

Revision history for this message
Galen Charlton (gmc) wrote : Re: [Bug 1527694] Re: web client: Need to clear out last patron data at end of session

> Or just a separate API: egHatch.setLoginItem(), egHatch.getLoginItem(),
> egHatch.clearLoginItems().

This makes sense to me, as it makes it crystal-clear that a given item
is session-specific, though I would prefer "Session" over "Login" in
the names. Any objection to my changing the names when I review your
patch?

Revision history for this message
Galen Charlton (gmc) wrote :

Actually, "LoginSession" would be better, to avoid conflating it with browser sessions.

Revision history for this message
Bill Erickson (berick) wrote :

Force-pushed API name change (Login => LoginSession) back to same branch. Thanks for the suggestion, Galen.

Erica Rohlfs (erohlfs)
Changed in evergreen:
assignee: nobody → Erica Rohlfs (erohlfs)
Revision history for this message
Mike Rylander (mrylander) wrote :

I resolved a conflict with the bower config and merged to the sprint-3 branch for master inclusion soon. Thanks, Bill!

Changed in evergreen:
status: Confirmed → Fix Committed
Changed in evergreen:
milestone: 2.next → 2.11-beta
Kathy Lussier (klussier)
Changed in evergreen:
assignee: Erica Rohlfs (erohlfs) → nobody
Changed in evergreen:
status: Fix Committed → Fix Released