[WIP] Handle session expiration gracefully #3492
Conversation
| return user; | ||
| }, function() { | ||
| self.invalidate(); | ||
| }); |
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
This comment was marked as abuse.
This comment was marked as abuse.
Sorry, something went wrong.
|
Hi @marcoow, are you planning on working on this any further? I'm really excited to get this into core :) We can style the modal as a follow up task, so is there much else left to do? |
|
I'd like wot finish this but didn't find any time at all recently - hopefully next week. The problem currently is that the current solution does actually fix that one case but also introduces some other problems. For example it will always open the modal also if you are already on an error page where it really doesn't make sense. I'm not sure yet how a better approach would look. Besides that some tests are the only thing that's missing (given the styling of the modal in done in a follow up issue). |
|
I dropped the global approach where every invocation of
I definitely can't do the design and it'd also be nice if someone could step in and add a test as I don't have a lot of time currently - functionality should be good though. |
|
So I pulled this PR down and gave it a run through but I don't ever see the sign-in modal popup when authorization fails, I only get the "are you sure you want to leave?" modal dialog. |
|
You should see it when you're on the editor page, change sth., delete the token from your db and click save. |
|
That's what I'm doing and I can't seem to make it happen. Sign in -> edit existing post -> delete token -> click save. Then I get the "are you sure you want to leave?" modal, and if I hit "leave" I get the 401 and redirected to sign in. If I hit "stay" I just get dumped back to the editor. Maybe someone else can test it and see if it works for them. |
|
Hm, you're right - not sure what's wrong - I'll check |
|
...and now it works again for me - without (consciously) having changed anything... |
|
I was having the exact same problems when I was working on #3873, which is why I eventually just put the |
|
Very strange - guess we should find out what's going on though. |
|
I was having exactly the same problem, sorry I should have commented but I assumed I was doing something wrong! |
|
Any news? |
|
I don't really understand why the action is sometimes triggered on the Steps to reproduce for the working case:
Failing case:
|
|
This should be unblocked when mainmatter/ember-simple-auth#367 lands. |
|
I saw that mainmatter/ember-simple-auth#367 landed - would be awesome to get this in! |
|
Ember Simple Auth 0.7.2 including the above fix was released earlier today. |
|
Does this mean that if this PR is rebased it'll be good to merge? |
|
I have it rebased and working locally. I can do the usual and open a new PR while preserving this commit so that the UX and other details can be worked out. |
|
@jaswilli that would be awesome |
|
I've moved this commit into #4602 so that we can iron out the details and merge all at once. |
This will eventually fix #2092, however it's currently missing correct handling of some edge cases, tests etc. Whenever a 401 response is detected (which most likely means that the session is expired), a modal signin window is opened that lets the user sign in again to retry the action that triggered the 401 response.
That, together with Ember Simple Auth's automatic token refresh should resolve all problems with expired sessions and lost data.
Missing: