Cannot visit more than one shared link #1806
Labels
No Label
dependencies
duplicate
help wanted
invalid
kind/bug
kind/feature
needs reproduction
question
security
wontfix
No Milestone
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: vikunja/vikunja#1806
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Steps to reproduce:
Instead of opening, the fronend hangs on "Authenticating…" and does nothing because of this return (state.auth contains information about the previous shared link).
(A quick fix would be automatic logout when opening different shared link, but I guess this has deeper roots because shared links reuse the same authentication mechanism as regular users. As a consequence, if a registered user visits a shared link, the user is automatically logged out because jwt is being replaced by the shared link — this is a bad UX. I suspect that the authentication mechanism needs to be reworked, but I have no idea how to do it best, so I just leave this note here.)
Ideally you would be able to visit multiple links simultaniously without them overriding each other. As you pointed out, that's not that easy to fix because all api connections assume an authentication token stored in local storage which is shared per domain and not per tab. To fix this, it would need to only store the auth token in memory, but only for link shares and then pass it along. Would require quite some refactoring of the way the api connection is currently implemented.
Turns out, this is a lot less hard than I thought.
I've implemented a change in
a787f6ffc7
which saves auth tokens from link shares in memory only, enabling to view multiple link shares in the same browser without them interfering each other (or a logged in user in the same browser).I'm closing this issue as it is resolved, feel free to reopen if you have any other problems with it.
@konrad it seems I caught a race: the
user/token
andshares/.../auth
requests are sent at almost same time, and the authorization result depends on which response comes lastI've added a timout for renewing the token in
20fd25e280
which should fix that.Now it works 👍
Seems the logout button is no longer needed? Removing it will make shared pages look a bit nicer
Yeah I think that makes sense (
f0e093b3d6
)