jnation3406
commented
8 months ago I think this looks good. Is there a way to test this? Like force a cache expiration?
Yes, you can delete the session cookie in the browser, which will make the backend think you are logged out (but the frontend doesn't know until a request is made to the backend). I tested doing that locally when developing this.
… submission of a message
This uses the is_authenticated information from the heartbeat to determine if the backend still thinks the user is logged in. If the frontend thinks the user is logged in but the backend does not, then the frontend will log out the user and refresh the page. This check happens on any page navigation in the app along with the heartbeat check. If the user is on the submit message page and clicks the submit button, then we do this check one more time prior to submitting and put a warning alert on the screen if they are no longer logged in. Then they can click submit again to submit as HERMES Guest, or they can login again and go back to the submit page if they want to be logged in to submit (unfortunately in this case they would lose whatever was currently on that page).