Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Mechanism to detect if you've been logged out, prompt you to re-enter your password #253
Since API tokens expire after 14 days, it's possible to be "logged out" while the client is open. You stop having permission to do things and stop getting non-public data, but the client still thinks it's logged in. We should detect if this has happened and get the client to prompt for a password so it can get a new token. (related to #219)
What needs to be done:
Actually on second thoughts I don't think we should use 419 if it's not standard. Let's stick with 401, but add some error information to distinguish an expired token from a non-existent token.
We might also want to consider allowing the token to be passed in the query string, as we've found during beta that some Apache installations don't pass the Authorization header along to PHP.
I am happy to take care of the front-end implementation after this is done.