Closed mm6654 closed 1 year ago
This is a cookie issue. The user appears to be logged in, but the cookie has already expired and the user gets a 404 unauthorized response. The cookie is set for too long and I'll set it for a shorter period of time.
Polling to determine when token expires is possibility (but inefficient) and also might interrupt annotation/viewing sessions because the outcome is to 1) forward to login page again or 2) refresh page. Both will interrupt flow and possibly create scenario where changes are lost.
Even if token/session (JWT) duration is modified, the issue will come up again if browser left open long enough - and creating infini-logins is not recommended from security standpoint. I suggest the following:
1) modify token/session to something reasonable - I suggest 1 week 2) when user enters Ng page, get expiration date from JWT and store in memory (https://stackoverflow.com/questions/70879343/how-to-get-exp-from-jwt-token-and-compare-with-it-current-time-to-check-if-tok) 3) upon any callback click event (e.g. save state/annotations), compare expiration datetime stamp with current time. If expired, save state to poucdb (or other in-browser NoSQL store), allow login to re-authenticate, then trigger sync from browser NoSQL (JSON) store to server.
If #3 can be implemented properly, this will allow local save in case of network errors as well.
I've done most of the suggestions above .Each time the user saves or creates a new state in Neuroglancer, the cookie will get refreshed and that will verify the cookie and extend it for another week.
I updated the Neuroglancer, angular and Django code. This should now work.
I tested on multiple plain Neuroglancer states, and whenever I clicked on "New" to generate a new link, I got the following error message: "Internal error: please see debug message."
Here it is for DK78:
And again for DK40: