Merge pull request #450 from vishalvivekm/cookie-d

only look for user details if a cookie exists and hasn't expired
layer5io · Mar 3, 2025 · cb8454b · cb8454b
2 parents c9ce12e + 2d427a6
commit cb8454b
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/layouts/partials/navbar.html b/layouts/partials/navbar.html
@@ -198,6 +198,8 @@
     }
 
   let isUserAuthenticated = false;
+  let expiredToken = "";
+
   function removeCookie(cookieName) {
     document.cookie = cookieName + "=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;";
   }
@@ -216,12 +218,12 @@
   const checkUserAuth = async () => {
     try {
      const token = getCookieValue("provider_token");
-      if (!token) { // cookie doesn't exist, user logged out of cloud
+      if (!token || token === expiredToken) { // cookie doesn't exist or has expired (due to user logout)
         if (isUserAuthenticated) {
           showSignInButton();
           isUserAuthenticated = false;
         }
-      throw new Error("no cookie to authenticate");
+      throw new Error("missing or expired cookie");
     }
       const re = await fetch("https://cloud.layer5.io/api/identity/users/profile", {
         method: 'GET',
@@ -230,6 +232,10 @@
         },
       });
 
+      if (res.status === 401) { // cookie has expired
+        expiredToken = token;
+        throw new Error("unauthorized");
+      }
       if (re.status !== 200) {
         throw new Error(`HTTP error! status: ${response.status}`);
       }