serlo / frontend

Next.js app that serves serlo.org
https://serlo.org
Apache License 2.0

Log out after 2h #1090

Closed Entkenntnis closed 3 years ago

Entkenntnis commented 3 years ago

If logged in in the frontend, you will get logged out after 2h.

Needs investigation.

Entkenntnis commented 3 years ago

The frontend sometimes shows that you are logged in, but you can't see the buttons -> authorization request is silently failing.

This often happens after a certain timespan (?) or after deployments. (server? api?)

elbotho commented 3 years ago

Does this also happen in production?

Entkenntnis commented 3 years ago

Yes, this happened twice for me on production - relogin solves the issue.

Entkenntnis commented 3 years ago

Botho found a failed refresh:

/auth-refresh -> Status 500 -> Token not valid

Entkenntnis commented 3 years ago

/api/auth/auth-refresh is the culprit here: This route is often very slow and fails to refresh the token sometimes, which leads to a messy state in the frontend.

Quickfix for the moment: As long as refresh is not working reliably, don't attempt to refresh, but delete the token and refresh the window -> avoid invalid states in the frontend and let the user relogin.

https://github.com/serlo/frontend/blob/d82e6527e5a4bad85240b51d10f070be91be772b/src/auth/use-authentication.ts#L33-L45
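
The quick fix from the last comment, written as a fail-closed state transition. This is an added example, not part of the thread and not serlo's code, and it goes one step beyond the quick fix by also covering a refresh that is attempted and fails. All type and function names are hypothetical, and the 30-second skew is an assumed value.

```typescript
// Added example, not serlo's code. All names here are hypothetical.
type Token = { value: string; expiresAt: number } // expiresAt: epoch milliseconds

type AuthState =
  | { kind: 'anonymous' }
  | { kind: 'authenticated'; token: Token }

// Result of one call to a refresh route, or 'disabled' for the quick fix (never refresh).
type RefreshOutcome =
  | { kind: 'disabled' }
  | { kind: 'ok'; token: Token }
  | { kind: 'error'; status: number } // e.g. the 500 "Token not valid" reported above
  | { kind: 'timeout' }

type Effect = 'clearStoredToken' | 'reloadWindow'
type Step = { state: AuthState; effects: Effect[] }

const SKEW_MS = 30000 // assumed value: treat tokens about to expire as already expired

function isUsable(token: Token, now: number): boolean {
  return token.value.length > 0 && token.expiresAt - SKEW_MS > now
}

// Decide the next auth state. Invariant: the result is 'authenticated' only
// when it carries a usable token; every other path ends in 'anonymous'.
function nextAuthState(state: AuthState, refresh: RefreshOutcome, now: number): Step {
  if (state.kind === 'anonymous') return { state, effects: [] }
  if (isUsable(state.token, now)) return { state, effects: [] }

  // Token expired: only a successful refresh that yields a usable token keeps the session.
  if (refresh.kind === 'ok' && isUsable(refresh.token, now)) {
    return { state: { kind: 'authenticated', token: refresh.token }, effects: [] }
  }
  // Disabled, failed, timed out, or returned a stale token: drop the session
  // and reload so the UI cannot keep showing a logged-in user.
  return { state: { kind: 'anonymous' }, effects: ['clearStoredToken', 'reloadWindow'] }
}
```

The caller performs the returned effects (delete the stored token, reload the window), so the UI never renders a logged-in view on top of a token the API will reject.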