
App doesn't properly refresh the session once the tab gets focus again

Open koksikus opened this issue 1 year ago • 4 comments

Describe the Bug

With an expired token, this error message appears. First of all, it should not be an unexpected error because we know what it is, but this time it is about the Reset Page Preferences button: clicking on it will change the appearance of the data. I think there should be a refresh button.

[Screenshot 2023-03-31 142246]

To Reproduce

Wait until the timer expires, go to the Directus tab and see the message. Click on it and the page preferences will be changed. But it's just the token getting expired. If someone clicks on it (thinking it will solve the problem) they will have even more trouble with resetting the data.

Hosting Strategy

Self-Hosted (Docker Image)

koksikus avatar Apr 01 '23 11:04 koksikus

> Wait until the timer expires, go to the Directus tab

So you're saying you have Directus in a background tab, and then switch back to the tab after the expiration time of the access token? What browser/version are you using? Sounds to me like the actual underlying bug here is that the app doesn't properly refresh the session once the tab gets focus again 🤔

rijkvanzanten avatar Apr 03 '23 15:04 rijkvanzanten

I just did a test. I opened Directus in the refreshed tab. I opened another tab and worked in it; after about 20 minutes or a little more I switched back to the Directus tab and a list of errors appeared in the console:

GET (...) 401 (Unauthorized)
Uncaught (in promise) X {message: 'Request failed with status code 401', name: 'AxiosError', code: 'ERR_BAD_REQUEST', config: {…}, request: XMLHttpRequest, …}
GET (...) 401 (Unauthorized)
Uncaught (in promise) X {message: 'Request failed with status code 401', name: 'AxiosError', code: 'ERR_BAD_REQUEST', config: {…}, request: XMLHttpRequest, …}
GET (...) 401 (Unauthorized)
Uncaught (in promise) X {message: 'Request failed with status code 401', name: 'AxiosError', code: 'ERR_BAD_REQUEST', config: {…}, request: XMLHttpRequest, …}

I'm using the latest version of Directus in the Edge browser.

koksikus avatar Apr 03 '23 16:04 koksikus

/linear

rijkvanzanten avatar Apr 03 '23 16:04 rijkvanzanten

🤖 Linear issue created! Maintainers can access it here: ENG-871

github-actions[bot] avatar Apr 03 '23 16:04 github-actions[bot]

The same errors keep popping up in the background. The longer it takes, the more the console fills up with errors.

koksikus avatar Apr 17 '23 17:04 koksikus

I noticed one more thing - if everything is on one computer and database and directus and I log in to the project using this computer, no error appears.

koksikus avatar Apr 19 '23 04:04 koksikus

> I'm using the latest version of Directus in the Edge browser.

This might be Edge's Sleeping Tabs feature: https://www.microsoft.com/en-us/edge/features/sleeping-tabs-at-work

@koksikus Can you share what is the amount of time configured for your Edge browser within Settings -> System and performance -> Optimize performance -> Put inactive tabs to sleep after the specified amount of time? Here's an example screenshot to find it in your browser:

> I noticed one more thing - if everything is on one computer and database and directus and I log in to the project using this computer, no error appears.

By "everything is on one computer" and "this computer", are you accessing Directus via localhost instead of an actual domain?

It seems like localhost for example cannot enter such "sleep" state as Edge prevents it:

so I'm wondering if it's the reason why it worked for you when you said "one computer".


Additionally, did you configure ACCESS_TOKEN_TTL and REFRESH_TOKEN_TTL environment variables for your Directus setup?

azrikahar avatar Nov 09 '23 13:11 azrikahar

Hi azrikahar, I checked, I changed the settings to 12 hours or clicked the option to completely disable this function and it didn't change anything, this message still appears. When writing about one computer, as you write, the database and directus are on one computer and I log in via localhost. I changed ACCESS_TOKEN_TTL to 120 min and REFRESH_TOKEN_TTL to 1 day. Previously, I had higher values and it didn't change anything in terms of the message that appeared, only that I force them to log in again and this way they won't click on this message, which will cause the view to fall apart. Should I do any other tests?

koksikus avatar Nov 10 '23 11:11 koksikus

This only happens on the databases tab. If I'm on Directus settings tab, nothing like this happens.

koksikus avatar Nov 10 '23 13:11 koksikus

@koksikus thanks for doing the additional checks on your end!

> Should I do any other tests?

Would it be possible for you to help test out #20383 in your setup? That would be extremely helpful to confirm whether it resolves your exact situation, just in case the way the error happens to you is still different than what I assumed.

EDIT: or perhaps you can help test it out once this merged PR gets out in the next release 👍

azrikahar avatar Nov 10 '23 14:11 azrikahar
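
The failure mode discussed in this thread (a backgrounded tab regains focus holding an expired access token, and every request it fires returns 401) can be handled by comparing expiry against the wall clock when the tab becomes visible and sharing a single refresh among parallel requests. The following is an added example, not Directus code and not the change in #20383; `SessionKeeper`, `refreshFn` and `onSessionLost` are hypothetical names, and it assumes the refresh call returns a new access token together with its lifetime in milliseconds.

```javascript
// Added example; all names are hypothetical, not part of the Directus app.
class SessionKeeper {
  // refreshFn: async () => ({ accessToken, expiresInMs })
  // onSessionLost: called when the refresh itself fails (e.g. refresh token expired)
  constructor(refreshFn, { now = () => Date.now(), skewMs = 10000, onSessionLost = () => {} } = {}) {
    this.refreshFn = refreshFn;
    this.now = now;                 // injectable clock, used by the test
    this.skewMs = skewMs;           // refresh slightly before the real expiry
    this.onSessionLost = onSessionLost;
    this.accessToken = null;
    this.expiresAt = 0;             // absolute time: still correct after timers were frozen
    this.inFlight = null;           // shared promise so parallel callers refresh once
  }

  isStale() {
    return this.now() >= this.expiresAt - this.skewMs;
  }

  // Returns a usable token, refreshing first if the stored one is (nearly) expired.
  async getToken() {
    if (!this.isStale()) return this.accessToken;
    if (!this.inFlight) {
      this.inFlight = this.refreshFn()
        .then(({ accessToken, expiresInMs }) => {
          this.accessToken = accessToken;
          this.expiresAt = this.now() + expiresInMs;
          return accessToken;
        })
        .finally(() => { this.inFlight = null; });
    }
    return this.inFlight;
  }

  // Re-check expiry whenever the tab becomes visible, because a timer-based
  // refresh may not have run while the tab was in the background or asleep.
  attach(doc) {
    doc.addEventListener('visibilitychange', () => {
      if (doc.visibilityState !== 'visible') return;
      // Failure here means the session is gone: send the user to login
      // instead of showing a generic "unexpected error".
      this.getToken().catch((err) => this.onSessionLost(err));
    });
  }
}
```

Request code would call `await keeper.getToken()` before each API call, so a burst of requests after the tab wakes triggers one refresh rather than a series of 401 responses.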