Closed Atmosfearful closed 1 year ago
goatsOnDrugs
commented
1 year ago Notes for goats: Hm, torus is stored in session storage bc they want the user logged out when they close tab. We track wallets in local storage which isnt cleared when tab closes.
goatsOnDrugs
commented
1 year ago @Atmosfearful I think I need to fix this after we merge the error handling bc I check for the "User rejected torus" event there and I think we will need to clear the local storage there. I assume we don't want to take the longer route and try to persist login. From docs
Is it possible to allow users to persist their session with the DApp, so that they don't have to login again?)
It is definitely possible but keeping the user logged in for just that session gives better privacy guarantees for users. There is no easy way for Torus to ensure that users are logged out by the DApp, so we opted to keep user sessions self contained.
Most Oauth providers already solve this problem by auto-approving the login request if the user logged in recently, and it may not even require user interaction. For example, for Facebook login, users do not even need to click anything if they have recently logged in.
Atmosfearful
commented
1 year ago This is actually a cache issue for other wallets as well, I noticed it with metamask-- it was popping up until I logged in and manually disconnected it.
When I open klima in a new tab or refresh the page, torus pops up sometimes.
I believe what's happening is the session expires on torus end, so we get disconnected. But the app doesn't know that, so we don't clear the cache, so when the page refreshes, it tries to reuse the existing torus connection, which triggers the popup.
If the user reconnects the problem goes away. But if they close the torus modal and refresh, the problem persists.
Solution: When the user closes the torus modal, see if there is a torus event that is dispatched so we know to clear the cache.