Thursday, 1 November 2018

ng-token-auth, ionic, devise_token_auth; token get lost randomly in xhr request

I have inherited a Ionic app which uses ng-token-auth+devise_token_auth to handle the authentication and the session between front and back.

What happens is quite strange. Sometimes (specially with slow connections) the request (or the response) get lost and after that I get only 401 http errors.

I know that that everytime I send a request the token expires, but when the xhr request is cancelled (by the server I suppose, or by the browser, I don't know) the token is expired without having been replaced by the new one generated by devise_token_auth gem.

I know Rails but I'm not familiar with Angular, neither Ionic and I don't know exactly where to look.

After reading a lot of SO answers where noone seems having my problem (which happens locally and in staging/production), I checked the following

  • storage is set as localStorage.
  • config.batch_request_buffer_throttle = 20.seconds
  • there is no pattern between cancelled requests, sometimes I perform get for the username, sometimes a post or a put to a comment.
  • Is not a CORS problem because it would happen always or never. (moreover I'm using a proxy as explained in ionic blog)
  • Maybe it could be related to provisional headers chrome bug. But, how can I be sure?

What puzzles my is that it happens only sometimes and not always. (and there are no errors in the backend)

The only workaround I have found in the devise_token_auth documentation is change config.change_headers_on_each_request to false avoiding in this way the regeneration of the token.

But I don't like this solution because I think it hides the real problem in an insecure way instead of solving the token loss. Any suggestion?



from ng-token-auth, ionic, devise_token_auth; token get lost randomly in xhr request

No comments:

Post a Comment