PWA keeps signing me out #7109
Comments
|
cc: @zakhap @sachben91 @ForestMars, I added a bit of additional context |
|
This is needed for the |
|
Quick update. I'm working on this now and trying to figure out what is happening. I investigated running it on the iOS Simulator on MacOS but it won't allow app install so I can't install Metamask to verify. I was going to change my system clock to verify but I can't do that now. I'm going to try to debug this on my iPad and try to change the system time there to see if I can reproduce this. There's also the issue of whether it's an issue on Android too. I authenticated on Android and will see if it expires my session. I think once I debug on my iPad that I can fix this quicker. |
|
I confirmed this is happening on android too. I'm going to try to debug it there as it's easier to debug remotely on android. It's probably the same bug. |
|
Re-confirming on Chrome for the desktop. Logged in on Apr 27 at 10:15AM |
|
OK. I know what the root cause is. The connect-id cookie is a session cookie so this impacts ALL browsers that authenticate this way. Not just metamask or iOS. Now that I now it's easy to track down (and it's not related to a mobile device) it's going to be easier to resolve. We're probably not specifying a session length or maybe it's just getting ignored. |
|
This impacts social login too... the cookie is connect.sid for social login. I need to double check the name for the one for walllet connect. |
|
What do we want to set as the expiration. Also, should we extend the expiration each time they log into the app or should it have a fixed cliff? |
|
Would be great to refresh expiration as they log in again before initial
expiration .
I think there is a previous ticket that said we ought to extend sessions to
14 days.
As a note, we’ll have to update the session length within our “canvas
session key provider” and within Magic (they set a separate session length)
Sent via Superhuman iOS ***@***.***>
…On Sat, Apr 27 2024 at 2:26 PM, Kevin Burton ***@***.***> wrote:
What do we want to set as the expiration. Also, should we extend the
expiration each time they log into the app or should it have a fixed cliff?
—
Reply to this email directly, view it on GitHub
<#7109 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABIWMHNDOMHKJEWAZQBS7LDY7PUXBAVCNFSM6AAAAABEWJXUTWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOBRGEZDEMBRGU>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
|
@dillchen So basically you want a constant 14 day extension? I'm going to to test all auth providers to make sure we handle these properly. |
|
I created a new ticket just for solving the cookie session length issue What I'm going to do now is just set 14 days fixed if the session length isn't set: |
|
Sounds good!
Sent via Superhuman ***@***.***>
…On Mon, Apr 29, 2024 at 11:29 AM, Kevin Burton ***@***.***> wrote:
I created a new ticket just for solving the cookie session length issue
What I'm going to do now is just set 14 days fixed if the session length
isn't set:
#7595 <#7595>
—
Reply to this email directly, view it on GitHub
<#7109 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABIWMHOUPA62TSKKCHTV62TY7ZRMRAVCNFSM6AAAAABEWJXUTWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOBTGA2DCNJTGA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
I have a PR for this but I need to figure out the interval for sessions. 2 weeks, 1 month, 1 year? I need an answer from the product team |
|
This PR is done but I don't know what's up with master being ready to merge. |
Describe the bug
The PWA appears to sign me out a few after I've signed into it on my phone
Initial conditions
re-opening the PWA after around 16-24 hours
Environment:
production
Browser:
iPhone 12 mini
Wallet:
was signed in with metamask, using walletconnect
Reproduction steps
Actual behavior
Expected behavior
Reporter
@sachben91
Additional context
We will need to make sure to fix on:
and we probably need to double check each authentication type
The text was updated successfully, but these errors were encountered: