Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User sessions are cached in memory forever #207

Open
eatyourgreens opened this issue Jun 27, 2023 · 1 comment
Open

User sessions are cached in memory forever #207

eatyourgreens opened this issue Jun 27, 2023 · 1 comment
Labels
bug

Comments

@eatyourgreens
Copy link
Contributor

eatyourgreens commented Jun 27, 2023
edited
Loading

auth.checkCurrent() returns a cached _currentUserPromise here, if it's already been set on page load.

panoptes-javascript-client/lib/auth.js

Lines 169 to 186 in bbda9c2

checkCurrent: function() {
if (!this._currentUserPromise) {
console.log('Checking current user');
this.update({
_currentUserPromise: this._getBearerToken()
.then(function() {
return this._getSession();
}.bind(this))
.catch(function() {
// Nobody's signed in. This isn't an error.
console.info('No current user');
return null;
}),
});
}
return this._currentUserPromise;
},

The problem with this is that the stored user session can't be reset by logging out in another tab. This code will never check the Panoptes API for a stale user session, as long as this._currentUserPromise is defined.

To test this out, run auth.checkCurrent() in two tabs, re-running it on visibility change, then log out in one of the tabs. The other tab will still return a Panoptes user from auth.checkCurrent(), even though its session cookie is no longer valid.

Screenshot of the browser console on a project page with a logged-out user. Even though the user account is signed out, the page still shows a username top right, and calls to auth.checkCurrent() are still logging a user object in the console.
@eatyourgreens
Copy link
Contributor Author

See also zooniverse/front-end-monorepo#4892

This was referenced Jun 27, 2023
Closed
Merged
@eatyourgreens eatyourgreens mentioned this issue Oct 23, 2023
Merged
12 tasks
@eatyourgreens eatyourgreens mentioned this issue Aug 2, 2024
Closed
@eatyourgreens eatyourgreens mentioned this issue Sep 28, 2024
Open
@eatyourgreens eatyourgreens mentioned this issue Oct 12, 2024
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove session caching zooniverse/panoptes-javascript-client
1 participant
@eatyourgreens