-
-
Notifications
You must be signed in to change notification settings - Fork 113
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refresh JWTs for account switching #1596
Comments
Maybe we can refresh all JWTs at the same time we're checking them which user we should use. We do this here: stacker.news/pages/api/graphql.js Lines 85 to 123 in 8c43cae
and we use stacker.news/pages/api/auth/[...nextauth].js Lines 94 to 103 in 8c43cae
|
Can I solve this issue? |
Sure, I'll assign you |
Describe the problem you're trying to solve
The JWT stored in the
multi_auth
cookies are never refreshed. This means they expire in 30 days.This could be the reason for #1573 and why account switching stops working after some time. It would at least make sense.
Currently, account switching probably just completely stops working and you need to clear cookies to recover. This is pretty bad and something I didn't really make sure fails gracefully in #489.
Describe the solution you'd like
Refresh all JWTs stored
multi_auth
cookies on every request—or at least the one that is currently used since we always use themulti_auth
cookie if the pointer cookie is set.Describe alternatives you've considered
Fail gracefully if JWTs are expired
Additional context
No response
The text was updated successfully, but these errors were encountered: