Communities

The Great Outdoors

Photography & Video

Scientific Speculation

Electrical Engineering

Languages & Linguistics

Software Development

Community Proposals

tag:snake search within a tag

answers:0 unanswered questions

user:xxxx search by author id

score:0.5 posts with 0.5+ score

"snake oil" exact phrase

votes:4 posts with 4+ votes

created:<1w created < 1 week ago

post_type:xxxx type of post

Notifications

Mark all as read See all your notifications »

Q&A Code Reviews Meta

Q&A

Posts Tags Edits

Welcome to Software Development on Codidact!

Will you help us build our independent community of developers helping developers? We're small and trying to grow. We welcome questions about all aspects of software development, from design to code to QA and more. Got questions? Got answers? Got code you'd like someone to review? Please join us.

Comments on How to prevent token from being refreshed

Parent

How to prevent token from being refreshed

+5

−0

I have an Angular application. The frontend has a mechanism that periodically fetches some information like this:

ngOnInit(): void {
    setInterval( () => {
        this.http.get(...   ).subscribe(
            (data) => {
                 this.data: any = data;
            }
      }, 10000);
}

This gets handled in the backend by the service method

@GET
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
public Response getData(
    ...

I also have a function for refreshing the token declared like this:

@POST
@Path("/token")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response updateToken(String token) {

The problem is that I only want the token to be updated when the actual user is clicking around at the page. Not for this notifier. The user should be automatically logged out if inactive for a while. That's why this matters.

I have come up with some possible strategies here.

Send some extra metadata in the url passed to this.http.get and somehow figure out how to extract that in updateToken
Adding a separate endpoint and somehow make this avoid triggering updateToken
Changing this.http.get to something completely different call
Making the server send updates periodically to valid tokens

But I have no idea how to start with any of these. Can you help?

java angular glassfish

posted about 2 years ago

CC BY-SA 4.0

2y ago

1248 reputation 17 12 159 52

Raw

Markdown

is a duplicate

This question has been asked before and has already been answered. It should be marked as a duplicate.

Please enter the URL of the proposed duplicate in the details field below.

not constructive

This question cannot be answered in a way that is helpful to anyone. It's not possible to learn something from possible answers, except for the solution for the specific problem of the asker.

1 comment thread

Why? (2 comments)

Post

+3

−0

It's worth noting that logging out a user goes way beyond not fetching a token, because your UI needs to inform the user he is about to be (or has been) logged out. And if your UI closes or locks itself, it probably doesn't matter if it has a current token.

So I'd handle this fully in the UI; for instance by detecting keypresses and mouse clicks, and upon not observing any for X minutes, I'd show a splash screen warning that a logout is imminent, and if still no action occurs, I'd lock the UI.

To refresh the token, I'd have some angular service fetch a new token in regular intervals, but only if the UI is not locked.

That said, as a user I really hate it if apps do that. I am perfectly capable of locking my workstation before walking away, and if I switch to another app for some reason (task switching is a thing, and some tasks require interacting with more than one app), and then return to your app, I'd hate to find myself logged out and having to start over.

posted about 2 years ago

CC BY-SA 4.0

2375 reputation 7 56 220 35

Copy Link

Raw

Markdown

1 comment thread

Thanks, I'll look into it. However, I was really hoping to not have to redesign everything just to fi... (4 comments)

meriton‭ wrote about 2 years ago

Do you know the environment well enough to say that with certainty? For instance, people are never interrupted by a ringing phone and have to handle that before continuing? Or the arrival of an urgent email? Or some coworker asking for help through chat? Obviously, I don't know the environment you are developping for, so you'll have to be the judge of that. I am just saying that it is not usually as obvious as it appears at first glance.

klutt‭ wrote about 2 years ago

I completely understand your skepticism, but this is not the typical office environment. I also hate such features, but in this case it's a security issue that's not negotiable. In the case that someone get interrupted by another task it's actually imperative that this automatic logoff works.

However, it turned out that it was not as much work as I thought to implement your solution, and it seems to work quite nicely. Thank you.