Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Auth being mismanaged when token cookie is expired #172

Open
kgilles opened this issue Jun 15, 2024 · 0 comments
Open

Auth being mismanaged when token cookie is expired #172

kgilles opened this issue Jun 15, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@kgilles
Copy link
Member

kgilles commented Jun 15, 2024

If you have an expired jwt cookie in your browser then the client API will completely disregard it, while any server-side actions will still try to use it. As it doesn't know the auth is expired. This creates a scenario where server actions fail because of invalid auth.

We need to make sure that (a) the client and server are on the same page reg. cookies, using and managing them in the exact same way. Also, (b) the client should delete the cookie from the browser after expiry to make sure it's not passed to any server requests.

@kgilles kgilles added the bug Something isn't working label Jun 15, 2024
@kgilles kgilles moved this to 📋 Backlog in Sublinks Frontend Jun 15, 2024
@kgilles kgilles moved this from 📋 Backlog to 🔖 Ready in Sublinks Frontend Jun 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
Status: 🔖 Ready
Development

No branches or pull requests

1 participant