NYCPlanning / deprecated-labs-zap-api

Deprecated version of the ZAP API, see https://github.com/NYCPlanning/labs-zap-api

Frontend believes it's authenticated when the backend says it's not #220

Closed allthesignals closed 4 years ago

allthesignals commented 4 years ago

We're running into a situation possibly with expirations in which the frontend thinks it's auth'd after subsequent reloads, but it's actually not. The server request works because it returns data even if the filter flag for the user is enabled.

allthesignals commented 4 years ago

I think this is what's happening: the HTTP Only cookie expires, but ember simple auth isn't able to tell that it's expired, and so it thinks it's still authenticated.

We need to look into strategies for getting this to work correctly. Either the /users?me=true endpoint needs to invalidate something or ember-simple-auth is aware of the expiration timestamp in the local storage.
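The two strategies named in the comment above, combined in a framework-free sketch. This is an added example, not code from the ZAP API or its frontend. It assumes the login step records a hypothetical `expiresAt` (epoch milliseconds) in local storage next to the session data, and that `/users?me=true` answers 401 or 403 once the HttpOnly cookie is missing or expired. `restoreSession` follows the shape of an ember-simple-auth authenticator's `restore` hook, where a rejected promise leaves the session unauthenticated.

```javascript
// Added example. decideSession, restoreSession and the expiresAt field are
// hypothetical names, not part of the project or of ember-simple-auth.

// Pure decision: given what local storage holds and how the backend answered,
// may the client keep treating the session as authenticated? Fails closed.
function decideSession(stored, nowMs, meStatus) {
  if (!stored || typeof stored.expiresAt !== 'number') {
    return { authenticated: false, reason: 'no-expiry-recorded' };
  }
  if (nowMs >= stored.expiresAt) {
    // The cookie is HttpOnly, so script cannot read it. The stored timestamp
    // is the only client-side signal that it has expired.
    return { authenticated: false, reason: 'expired-locally' };
  }
  if (meStatus === 401 || meStatus === 403) {
    // The backend is the source of truth: clock skew or a server-side
    // revocation can end the session before the local timestamp does.
    return { authenticated: false, reason: 'rejected-by-backend' };
  }
  if (meStatus < 200 || meStatus >= 300) {
    return { authenticated: false, reason: 'backend-unreachable' };
  }
  return { authenticated: true, reason: 'verified' };
}

// Async wrapper to call on page load. Resolves with the stored data when the
// session is still valid, rejects otherwise so the UI shows a logged-out state.
async function restoreSession(stored, fetchImpl = fetch, now = Date.now) {
  let status = 0; // 0 = no HTTP answer obtained
  if (stored && now() < stored.expiresAt) {
    try {
      const res = await fetchImpl('/users?me=true', { credentials: 'include' });
      status = res.status;
    } catch (err) {
      status = 0; // network failure: decideSession treats it as unverified
    }
  }
  const verdict = decideSession(stored, now(), status);
  if (!verdict.authenticated) throw new Error(verdict.reason);
  return stored;
}
```

The local timestamp only avoids a round trip when the session is obviously stale. The backend response is what actually settles the state, so the two checks are used together rather than as alternatives.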