teloscube / decaf-react

A React library for Decaf Apps
https://teloscube.github.io/decaf-react/
BSD 3-Clause "New" or "Revised" License

Need for a machinery to detect invalid sessions #5

Closed vst closed 2 years ago

vst commented 2 years ago

Currently, if the session is no longer valid, the app goes rogue and the user does not understand what's going wrong.

We need a machinery that is set up on <DecafApp>, tracks the validity of the session and takes action if it is not valid anymore. Possible actions:

  1. Prompt user to login page?
  2. Redirect the user to login page without any prompt?
  3. Both of them implemented and configured with a flag on <DecafApp>?

vst commented 2 years ago

@alioguzhan This is important.

Note that there are two aspects to this:

  1. Check asynchronously if the session is valid, like pinging a healthcheck endpoint.
  2. Checking synchronously on DECAF Client (or by hooking DECAF Client) whether the remote API returns with an authentication error.

For the latter, this hook can be proactive as well: Check before hitting the API. But this is not sufficient as the real state of authentication information is only known by the authentication server.

Maybe we should implement all.

vst commented 2 years ago

As per our discussion:

?next=hebelehubele&reason=session-expired

In this case, DECAF Waitress can show a notice on the login page:

Your session has expired. Please login again...
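
The two checks discussed in this thread and the `?next=...&reason=session-expired` redirect, sketched as an added example that is not part of the issue or of decaf-react's code. `createSessionMonitor`, `buildLoginUrl`, the `/login` path and the use of HTTP 401 as the authentication error are assumptions; `next` is limited to same-origin paths so the login page cannot be turned into an open redirect.

```javascript
// Added example: every name here is hypothetical, not decaf-react's API.
const AUTH_ERROR_STATUS = 401; // assumption: the API signals an invalid session with 401

// Accept only same-origin paths ("/x"); reject "//host", "/\host" and absolute URLs.
function isSafeNext(path) {
  return typeof path === 'string' && /^\/(?![\/\\])/.test(path);
}

// Build the login URL carrying where to return to and why the user was sent there.
function buildLoginUrl(loginPath, currentPath, reason) {
  const next = isSafeNext(currentPath) ? currentPath : '/';
  return `${loginPath}?${new URLSearchParams({ next, reason })}`;
}

// Tracks session validity from both sources and fires onInvalid exactly once.
function createSessionMonitor({ ping, onInvalid }) {
  let invalid = false;
  const invalidate = (reason) => {
    if (invalid) return;
    invalid = true;
    onInvalid(reason);
  };
  return {
    // Aspect 1: asynchronous check; `ping` resolves to the healthcheck HTTP status.
    async check() {
      try {
        if ((await ping()) === AUTH_ERROR_STATUS) invalidate('session-expired');
      } catch (err) {
        // A network failure says nothing about the session, so the user stays logged in.
      }
      return !invalid;
    },
    // Aspect 2: hook called by the API client with every response status.
    observe(status) {
      if (status === AUTH_ERROR_STATUS) invalidate('session-expired');
      return status;
    },
    isInvalid: () => invalid,
  };
}
```

In a browser, `onInvalid` would either show the prompt or assign `buildLoginUrl('/login', location.pathname + location.search, reason)` to `location.href`, which covers both actions listed in the first comment.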