Open stevenhornung opened 7 years ago
I'm encountering the same problem. Thanks for your share but i don't really understand your simple fix. Can you describe more in detail?? Thanks.
I meant this as a fix to the meteor-restivus package by updating the implementation of Accounts._insertHashedLoginToken. You could implement this yourself by forking the package and updating the @Auth.loginWithPassword method within auth.coffee. You'd just need to change the line Accounts._insertHashedLoginToken authenticatingUser._id, {hashedToken}
to Accounts._insertHashedLoginToken authenticatingUser._id, {hashedToken: hashedToken, when: authToken.when}
to save the 'when' property when inserting a new hashed login token for the user.
After authenticating a user, a login token is created and returned. However, when saving the hashedToken to the user in the database, 'when' is not saved alongside the token.
I'm not sure if this is by design or not. I can't see why it would be. Not including the 'when' attribute requires re-logging in every time the session ends with that login token which isn't ideal.
By adding the 'when' attribute, the auth token remains logged in between sessions or if using in the browser, between refreshes.
A simple fix is to update Auth.loginWithPassword where _insertHashedLoginToken is called. Instead of passing in {hashedToken} as the second parameter, instead, pass in {hashedToken: hashedToken, when: authToken.when}. This will save the when attribute to the database with the hashedToken and fix this issue.