User Forced to Go Through Login Flow Twice After Session Expired #83
Comments
Hey @tyler-dane 👋, I'm interested in this issue. How can I reproduce the scenario? Should I create a new account? When does the session expire?
Hey @DiegoMutre thanks for your interest. I'm honestly not sure about an easy way to reproduce it consistently. The painful ways would be to:
Since there are a lot of unknowns here, the best way might be to just reach out to the SuperTokens support team on Discord, which is pretty responsive with stuff like this. They'd know more than I about how to fix this.
Hey @tyler-dane! I haven't tried any of the ways you suggested yet, but I tried something else: I set the access_token_validity to 60 seconds and the refresh_token_validity to 2 minutes in the SuperTokens Development Environment Configuration. So, I got the session to "expire" because it logs me out after the 2 minutes, but the issue doesn't happen, even if the account was just created. Anyway, I will try to reach out to the SuperTokens support team on Discord to get more info. You can try doing something like I did with the SuperTokens config to see if the same happens.
Hey @DiegoMutre - that's great that you're coming up with creative ways to reproduce this. While this issue might not occur after the method you described, I confirmed today that it still occurs in production :/ I updated the description with another screenshot to validate this.
Prerequisites
Expected Behavior
Current Behavior
1-6: same
7. Compass redirects to home page, which triggers requests for /api/event....
8. The requests fail with 401 unauthorized from SuperTokens
9. User is redirected to login page
10. User clicks through sign in button and dialog AGAIN
11. User is redirected to home page
12. User can finally access and edit events like normal
Steps to Reproduce
Here's what the devtools look like after 'successfully' going through the OAuth flow. Notice the 401 'unauthorised' message from SuperTokens.
![401s](https://private-user-images.githubusercontent.com/30163055/350778572-be4a8ff5-b62d-489a-8e31-c7132eb6103d.png)
Here are the logs that accompany the above scenario:
More backend logs, this time as a screenshot:
![401s-backend](https://private-user-images.githubusercontent.com/30163055/350815776-bcfea3e5-93e3-4207-9413-6060e2acea73.png)
Possible Solution (Not obligatory)
Context
This affects users by giving them the impression that the sign in is broken (it kinda is), which causes them to give up before trying again a second time.