Refresh signs me out

Question

Refresh signs me out

ohadschn opened this issue 7 years ago · comments

If I hit the refresh button, or close and re-open the page, I get signed out.

I saw issue #44 which might be related, but if this was intentional I would humbly suggest you reconsider - practically all sites I can think of retain the OAuth cookie and keep you signed in as long as the token is valid...

Chris Zhang · Answer 1 · Mon Nov 27 2017 13:01:19 GMT+0800 (China Standard Time)

Yeah, I agree. Currently, the cookie expires when the session is done, maybe we can set an expiration time for the cookie and automatically login when current oauth token in the cookie is valid?

Ohad Schneider · Answer 2 · Mon Nov 27 2017 17:52:21 GMT+0800 (China Standard Time)

I don't think you need to set the expiration for the cookie yourself, you can just use whatever expiration policy you get with the SoundCloud token. In other words just try to use the token they gave you until you get 401, at which point re-authenticate.

Chris Zhang · Answer 3 · Wed Nov 29 2017 11:30:15 GMT+0800 (China Standard Time)

@ohadschn Yes, I think it should work to use the token to check for 401 by the /me endpoint and if we do get a 401, we can remove the oauth token from the cookie and logout the current user.

Ohad Schneider · Answer 4 · Wed Nov 29 2017 19:59:55 GMT+0800 (China Standard Time)

Logout and ideally open up the login window (to save the user from noticing he has been logged out and clicking login button again himself).

Chris Zhang · Answer 5 · Sun Dec 03 2017 04:29:16 GMT+0800 (China Standard Time)

@rwieruch Any suggestions? I think this is a great improvement.

Robin Wieruch · Answer 6 · Sun Dec 03 2017 06:54:58 GMT+0800 (China Standard Time)

Sounds great. Would you like to do it?

Chris Zhang · Answer 7 · Sun Dec 03 2017 07:31:12 GMT+0800 (China Standard Time)

Yeah, I'm on it.

Robin Wieruch · Answer 8 · Sun Dec 03 2017 19:29:12 GMT+0800 (China Standard Time)

@minipekka I added you as collaborator to the project. You introduced so many improvements by now, I think it would make sense to have someone else to help me out organizing the PRs :) Feel free to merge things on your own too!

Chris Zhang · Answer 9 · Sun Dec 10 2017 06:18:15 GMT+0800 (China Standard Time)

I have a question about our session state. Currently, our session state holds an oauth_token and a dialog_session. I am not sure if it is necessary to store these two pieces of data because oauth_token is stored in Cookie and dialog_session is never used anywhere.
The only place that used session object is checking if there is a current user logged in. I think if we remove oauth_token and dialog_session from the state, we can simply check if the user object is null or not to see if it is authed or not.

Robin Wieruch · Answer 10 · Sun Dec 10 2017 07:38:16 GMT+0800 (China Standard Time)

That's seems right without looking at the code. I don't remember how I implemented it back in the days. So if you have the feeling it could be simplified, please go for it! :)