Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature: add client side cookie to expose login info #1825

Merged
merged 1 commit into from
Nov 2, 2024
Merged

feature: add client side cookie to expose login info #1825

merged 1 commit into from
Nov 2, 2024

Conversation

tkurki
Copy link
Member

@tkurki tkurki commented Nov 1, 2024

Webapps are often used in multiple windows and the browser's login status in session cookie may change in another window or in another webapp (Admin UI vs Freeboard, Kip etc). The regular session cookie is set to be httpOnly, so it is not available for clientside code.

This adds a separate cookie that is set and removed by the server when the user's login status changes. A webapp can poll for changes of this cookie to react. One notable use case for this is applicationData that is available only when the user/browser is logged in.

@tkurki
feature: add client side cookie to expose login info
12dff1d 
Webapps are often used in multiple windows and the browser's login
status in session cookie may change in another window or in another
webapp (Admin UI vs Freeboard, Kip etc). The regular session cookie
is set to be httpOnly, so it is not available for clientside code.

This adds a separate cookie that is set and removed by the server
when the user's login status changes. A webapp can poll for changes
of this cookie to react. One notable use case for this is
applicationData that is available only when the user/browser is
logged in.
@tkurki tkurki added the feature label Nov 1, 2024
@cmotelet
Copy link
Member

cmotelet commented Nov 1, 2024
edited
Loading

@tkurki Do you have a piece of webapp code to test/see the use case ?
My timeout is 365d and I don't log out, so I haven't really encountered the problem.

But in theory it sounds like a good idea.

@tkurki
Copy link
Member Author

tkurki commented Nov 2, 2024
edited
Loading

The use case is to detect login status changes in one browser tab when the user logs in or out in another window. Not your everyday incidence, but since there is currently no way to detect that.

This could be more specific to this cookie, but works for any cookie changing:

window.setInterval(
      (() => {
        let lastCookie = document.cookie
        return () => {
          const currentCookie = document.cookie

          if (currentCookie != lastCookie) {
            updateLoginInfo() //should fetch actual login status from the server
            lastCookie = currentCookie
          }
        }
      })(),
      1000
    )

@tkurki tkurki merged commit 63cd497 into master Nov 2, 2024
5 checks passed
@tkurki tkurki deleted the browser-logininfo branch November 2, 2024 07:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@panaaj panaaj panaaj approved these changes

@cmotelet cmotelet Awaiting requested review from cmotelet

Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tkurki @cmotelet @panaaj