Login/Register
ng-token-auth, ionic, devise_token_auth; token get lost randomly in xhr request
Asked Answered
angularjscordovaruby-on-rails-4devise-token-auth
P

1

19

I have inherited a Ionic app which uses ng-token-auth+devise_token_auth to handle the authentication and the session between front and back.

What happens is quite strange. Sometimes (specially with slow connections) the request (or the response) get lost and after that I get only 401 http errors.

I know that that everytime I send a request the token expires, but when the xhr request is cancelled (by the server I suppose, or by the browser, I don't know) the token is expired without having been replaced by the new one generated by devise_token_auth gem.

I know Rails but I'm not familiar with Angular, neither Ionic and I don't know exactly where to look.

After reading a lot of SO answers where noone seems having my problem (which happens locally and in staging/production), I checked the following

  • storage is set as localStorage.
  • config.batch_request_buffer_throttle = 20.seconds
  • there is no pattern between cancelled requests, sometimes I perform get for the username, sometimes a post or a put to a comment.
  • Is not a CORS problem because it would happen always or never. (moreover I'm using a proxy as explained in ionic blog)
  • Maybe it could be related to provisional headers chrome bug. But, how can I be sure?

What puzzles my is that it happens only sometimes and not always. (and there are no errors in the backend)

The only workaround I have found in the devise_token_auth documentation is change config.change_headers_on_each_request to false avoiding in this way the regeneration of the token.

But I don't like this solution because I think it hides the real problem in an insecure way instead of solving the token loss. Any suggestion?

Pastiche answered 8/12, 2015 at 0:8 Comment(2)
Did you find the solution to this? I have same kind of a problem..Bouleversement
Sadly not. :( But I discovered that it was due a failing request in the middle that caused the token to be discarded. But we kept the workaround with false anyway.Pastiche
W
1

Kindly, please check this thing:

  • Version: which version of this gem (and ng-token-auth, jToker or Angular2-Token if applicable) are you using?

  • Request and response headers: these can be found in the "Network" tab of your browser's web inspector.

  • Rails Stacktrace: this can be found in the log/development.log of your API.

  • Environmental Info: How is your application different from the reference implementation?

    This may include (but is not limited to) the following details:

    Routes: are you using some crazy namespace, scope, or constraint?

    Gems: are you using MongoDB, Grape, RailsApi, ActiveAdmin, etc.?

    Custom Overrides: what have you done in terms of [custom controller overrides] 5?

    Custom Frontend: are you using ng-token-auth, jToker, Angular2- Token, or something else?

Westfahl answered 20/2, 2021 at 8:12 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.