colinskow / ng-superlogin

AngularJS bindings for the SuperLogin project
MIT License
15 stars 17 forks

How to avoid session deletion on state change #24

Open bfredo123 opened 7 years ago

bfredo123 commented 7 years ago

Hi,

[ I have read the other issues relating to similar cases; however, this one is slightly different and I can't find a solution. ]

On any state change, the superloginInterceptor's service.request method is called, causing checkRefresh to be called as well, then $http.post(.../refresh). And if the session has expired on the server, a 401/Not authorized response is received.

Then, 2 different things can happen depending on the superlogin config:

a) if some endpoints are defined, the session is destroyed (due to service.responseError calling checkEndpoint, in turn calling superloginSession.deleteSession)

b) if no endpoints are defined, then the problem is avoided; however, another one arises in other parts of the application: for instance, the logout calls fail because the request is not prepared with the proper authorization (because the Bearer header has not been set in service.request).

Setting noDefaultEndpoint does not help, because in any case, the actual superlogin server endpoint is relevant (rather than the one serving the Angular html pages).

I would like to avoid having the user logged out when he navigates to pages that do not require authentication, so how can I do this? I suggest that the ideal would be that superloginInterceptor 'request' should not call checkRefresh at any time, but only when hitting the configured endpoints.
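The gating suggested in the issue above, as an added sketch that is not ng-superlogin's code: refresh and the Bearer header apply only to requests whose host is a configured endpoint, and only a 401 from such a host deletes the session. `makeInterceptor`, its options, the hosts and the URL paths are hypothetical or constructed.

```javascript
// Added sketch; not ng-superlogin source. All names are hypothetical.

// Resolve a request URL to its host; relative URLs belong to the page host.
function hostOf(url, pageHost) {
  return new URL(url, 'http://' + pageHost).host;
}

// opts.endpoints: hosts allowed to receive the token (e.g. the SuperLogin server)
// opts.pageHost:  host serving the Angular pages
// opts.session:   { get() -> {token}|null, destroy() }
// opts.refresh:   callback that would POST to the refresh route
function makeInterceptor(opts) {
  const isEndpoint = (url) => opts.endpoints.includes(hostOf(url, opts.pageHost));
  return {
    request(req) {
      const s = opts.session.get();
      // Template loads and third-party calls: no refresh, no credentials sent.
      if (!s || !isEndpoint(req.url)) return req;
      opts.refresh();
      req.headers = Object.assign({}, req.headers, { Authorization: 'Bearer ' + s.token });
      return req;
    },
    responseError(res) {
      // Only a 401 from a configured endpoint says anything about our session.
      if (res.status === 401 && isEndpoint(res.config.url)) opts.session.destroy();
      return res;
    }
  };
}

// Constructed scenario: a state change loads a template, then an API call, then two 401s.
function demo() {
  let stored = { token: 'constructed-token' };
  let refreshCalls = 0;
  const ic = makeInterceptor({
    endpoints: ['auth.example.test'], pageHost: 'app.example.test',
    session: { get: () => stored, destroy: () => { stored = null; } },
    refresh: () => { refreshCalls += 1; }
  });
  const tpl = ic.request({ url: '/views/about.html', headers: {} });
  const refreshAfterTemplate = refreshCalls;
  const api = ic.request({ url: 'https://auth.example.test/auth/logout', headers: {} });
  ic.responseError({ status: 401, config: { url: 'https://other.example.test/x' } });
  const keptAfterForeign401 = stored !== null;
  ic.responseError({ status: 401, config: { url: 'https://auth.example.test/auth/refresh' } });
  return { tplAuth: tpl.headers.Authorization, apiAuth: api.headers.Authorization,
    refreshAfterTemplate, refreshCalls, keptAfterForeign401, deletedAfterEndpoint401: stored === null };
}
```

Matching on the resolved host rather than a URL prefix keeps the token from being attached to a look-alike path on another origin.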