Outdated authorization headers when unqueuing queries

[googol7]

When queries get unqueued the headers might be outdated, e.g. a JWT token has expired in the meantime. This can cause the app to log out. How do you suggest to solve this problem?

[helfer]

Hi @googol7, it sounds like the solution you're looking for would a) preserve the user's mutations after they've been logged out, and b) re-send them when the user has logged in again and has valid credentials?

If so, you'll almost certainly need some kind of persistence solution, unless you can reauthenticate the user without reloading the page (but even then you may opt for persistence just to be safe).

If I were to design a solution for this in my own app, I'd try something like this (assuming login is on a different page):

• either detect when the page gets unloaded (register an onbeforeunload if the queue is not empty), or if that's not good enough then continuously write your queue to storage.
• on login, check if the queue is empty, and if it isn't then replay the events in the queue.

A thing to keep in mind here is that local storage is persistent and could be inspected after logout. If the data you're storing is in any way sensitive, you may need to worry about security as well. At the very least you want to make sure that mutations don't suddenly get sent on behalf of another user if someone different logs in.

As mentioned earlier, there might also be cases where sending old mutations isn't what the user wants or expects.

Given the challenges, I'd really only do this if it makes sense for the application.

Take all of this with a grain of salt, because I haven't actually built any of this for my own applications. You'd likely be better off taking advice from someone who has built this and is using it in production.