Closed Osmose closed 10 years ago
In #152 we're considering moving to the get API, which wouldn't suffer from this issue.
a1c6928dbe4c221313a5143a6cf0fe0dbad82fdd switched us to fetching the CSRF token via ajax, and a021621b9adabac4d722880cce6e1f90b2908a8e switches us to only fetching the token right before we submit the form. Plus, I haven't seen this issue in a long time and am not entirely convinced it wasn't another issue than this.
I'll call this resolved unless someone else still experiences this.
Persona has been known to call the callbacks passed to
navigator.id.watch
more than once (we suspect this is an issue with Flicks and have heard from others that they've run into this as well) after a login/logout attempt. To help avoid issues around double-submitting the login form, we should make the JavaScript idempotent if possible, or at least limit them to some reasonable rate, like only allowing one run per half-second.