favesound-redux icon indicating copy to clipboard operation
favesound-redux copied to clipboard

Published 20 hours ago • verified publisher icon rwieruch

Refresh signs me out

Open ohadschn opened this issue 6 years ago • 10 comments

If I hit the refresh button, or close and re-open the page, I get signed out.

I saw issue https://github.com/rwieruch/favesound-redux/issues/44 which might be related, but if this was intentional I would humbly suggest you reconsider - practically all sites I can think of retain the OAuth cookie and keep you signed in as long as the token is valid...

ohadschn avatar Nov 26 '17 11:11 ohadschn

Yeah, I agree. Currently, the cookie expires when the session is done, maybe we can set an expiration time for the cookie and automatically login when current oauth token in the cookie is valid?

chriszhangusc avatar Nov 27 '17 05:11 chriszhangusc

I don't think you need to set the expiration for the cookie yourself, you can just use whatever expiration policy you get with the SoundCloud token. In other words just try to use the token they gave you until you get 401, at which point re-authenticate.

ohadschn avatar Nov 27 '17 09:11 ohadschn

@ohadschn Yes, I think it should work to use the token to check for 401 by the /me endpoint and if we do get a 401, we can remove the oauth token from the cookie and logout the current user.

chriszhangusc avatar Nov 29 '17 03:11 chriszhangusc

Logout and ideally open up the login window (to save the user from noticing he has been logged out and clicking login button again himself).

ohadschn avatar Nov 29 '17 11:11 ohadschn

@rwieruch Any suggestions? I think this is a great improvement.

chriszhangusc avatar Dec 02 '17 20:12 chriszhangusc

Sounds great. Would you like to do it?

rwieruch avatar Dec 02 '17 22:12 rwieruch

Yeah, I'm on it.

chriszhangusc avatar Dec 02 '17 23:12 chriszhangusc

@MiniPekka I added you as collaborator to the project. You introduced so many improvements by now, I think it would make sense to have someone else to help me out organizing the PRs :) Feel free to merge things on your own too!

rwieruch avatar Dec 03 '17 11:12 rwieruch

I have a question about our session state. Currently, our session state holds an oauth_token and a dialog_session. I am not sure if it is necessary to store these two pieces of data because oauth_token is stored in Cookie and dialog_session is never used anywhere. The only place that used session object is checking if there is a current user logged in. I think if we remove oauth_token and dialog_session from the state, we can simply check if the user object is null or not to see if it is authed or not.

chriszhangusc avatar Dec 09 '17 22:12 chriszhangusc

That's seems right without looking at the code. I don't remember how I implemented it back in the days. So if you have the feeling it could be simplified, please go for it! :)

rwieruch avatar Dec 09 '17 23:12 rwieruch