Welcome to Software Development on Codidact!
Will you help us build our independent community of developers helping developers? We're small and trying to grow. We welcome questions about all aspects of software development, from design to code to QA and more. Got questions? Got answers? Got code you'd like someone to review? Please join us.
How to prevent token from being refreshed
I have an Angular application. The frontend has a mechanism that periodically fetches some information like this:
ngOnInit(): void {
setInterval( () => {
this.http.get(... ).subscribe(
(data) => {
this.data: any = data;
}
}, 10000);
}
This gets handled in the backend by the service method
@GET
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
public Response getData(
...
I also have a function for refreshing the token declared like this:
@POST
@Path("/token")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public Response updateToken(String token) {
The problem is that I only want the token to be updated when the actual user is clicking around at the page. Not for this notifier. The user should be automatically logged out if inactive for a while. That's why this matters.
I have come up with some possible strategies here.
-
Send some extra metadata in the url passed to this.http.get and somehow figure out how to extract that in updateToken
-
Adding a separate endpoint and somehow make this avoid triggering updateToken
-
Changing this.http.get to something completely different call
-
Making the server send updates periodically to valid tokens
But I have no idea how to start with any of these. Can you help?
1 answer
It's worth noting that logging out a user goes way beyond not fetching a token, because your UI needs to inform the user he is about to be (or has been) logged out. And if your UI closes or locks itself, it probably doesn't matter if it has a current token.
So I'd handle this fully in the UI; for instance by detecting keypresses and mouse clicks, and upon not observing any for X minutes, I'd show a splash screen warning that a logout is imminent, and if still no action occurs, I'd lock the UI.
To refresh the token, I'd have some angular service fetch a new token in regular intervals, but only if the UI is not locked.
That said, as a user I really hate it if apps do that. I am perfectly capable of locking my workstation before walking away, and if I switch to another app for some reason (task switching is a thing, and some tasks require interacting with more than one app), and then return to your app, I'd hate to find myself logged out and having to start over.
1 comment thread