fusion44
commented
3 months ago Working on it.
Closed rootzoll closed 3 months ago
fusion44
commented
3 months ago Working on it.
fusion44
commented
3 months ago I'm not convinced that this is an API problem. I've checked the token by logging in to the webui and extracting the token from the cookie. I've used the token to login to the Swagger UI and the token was valid until it was supposed to expire. Two minutes in my test case. No matter how long I set the expiry time, the webui always logs out on F5. Also, the webui seems to query the refresh-token endpoint many times a second.
The only reason I currently could see is that I set the cookie not well in when returning the response with the token. I did not set the cookie when calling refresh-token, but this should be fixed now.
@cstenglein Can you check?
Anyway, the expiry time is in seconds and not milliseconds anymore. In reality this should make no difference though.
cstenglein
commented
3 months ago The token will be refreshed 10minutes before expiry.
cstenglein
commented
3 months ago Reloading the webui with F5 wasn't working and will be fixed with https://github.com/raspiblitz/raspiblitz-web/pull/758
fusion44
commented
3 months ago I'll close this as it is not an API bug. Feel free to reopen.
I really often ran into situations where I do a lengthy process with the WebUI ... for exmaple installing an App. And it never shows me a success that it installed. Then I reload the page and and it asks me for my passwordA again.
So it seems that my session times out but the WebUI does not recognize it while background webevents fail.
As a quick fix I would suggest to just make the session stay valid much longer valid. Outdated session should just be a fallback in case the user forgets to logout .. so have them valid for a day even is fine with me.
@fusion44 what is our session default length at the moment?