Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Q&A

Welcome to Software Development on Codidact!

Will you help us build our independent community of developers helping developers? We're small and trying to grow. We welcome questions about all aspects of software development, from design to code to QA and more. Got questions? Got answers? Got code you'd like someone to review? Please join us.

How to prevent token from being refreshed

+5
−0

I have an Angular application. The frontend has a mechanism that periodically fetches some information like this:

ngOnInit(): void {
    setInterval( () => {
        this.http.get(...   ).subscribe(
            (data) => {
                 this.data: any = data;
            }
      }, 10000);
}

This gets handled in the backend by the service method

@GET
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
public Response getData(
    ...

I also have a function for refreshing the token declared like this:

@POST
@Path("/token")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response updateToken(String token) {

The problem is that I only want the token to be updated when the actual user is clicking around at the page. Not for this notifier. The user should be automatically logged out if inactive for a while. That's why this matters.

I have come up with some possible strategies here.

  1. Send some extra metadata in the url passed to this.http.get and somehow figure out how to extract that in updateToken

  2. Adding a separate endpoint and somehow make this avoid triggering updateToken

  3. Changing this.http.get to something completely different call

  4. Making the server send updates periodically to valid tokens

But I have no idea how to start with any of these. Can you help?

History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.
Why should this post be closed?

1 comment thread

Why? (2 comments)

1 answer

+3
−0

It's worth noting that logging out a user goes way beyond not fetching a token, because your UI needs to inform the user he is about to be (or has been) logged out. And if your UI closes or locks itself, it probably doesn't matter if it has a current token.

So I'd handle this fully in the UI; for instance by detecting keypresses and mouse clicks, and upon not observing any for X minutes, I'd show a splash screen warning that a logout is imminent, and if still no action occurs, I'd lock the UI.

To refresh the token, I'd have some angular service fetch a new token in regular intervals, but only if the UI is not locked.

That said, as a user I really hate it if apps do that. I am perfectly capable of locking my workstation before walking away, and if I switch to another app for some reason (task switching is a thing, and some tasks require interacting with more than one app), and then return to your app, I'd hate to find myself logged out and having to start over.

History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.

1 comment thread

Thanks, I'll look into it. However, I was really hoping to not have to redesign everything just to fi... (4 comments)

Sign up to answer this question »