Authentication token nuked on page refresh


#1

I have an ember-cli application based on token authentication which works just fine until I hit the page refresh.

For example, logging in and going to the /products page shows me the list of products. I can logout and login again as the same or different persons and the /products page can be viewed as usual.

However, I refresh the page and all is lost.

On closer inspection of the logging, I can see that the authorization header bearer token is not being sent so I receive a 401 not authorized.

Also, the whole session init phase during which the token etc. is setup takes place after the route handling process, the reason it doesn’t know about sessions yet.

What am I doing wrong? What is the best practice for initializing the session-handling stuff before anything else happens?

As long as I remain well-behaved and stay within the ember handling state transitions all’s well, go outside and boom.

This goes against the whole idea of universal urls where sending someone a link should allow the person to view it.

Thanks alot in advance.


#2

how are you doing authentication?

Likely you are keeping the token in memory rather than in a way that persists like a cookie or localStorage.


#3

Actually it’s persisted in a cookie.


#4

on page refresh, how are you loading the token and authorizing the ajax request?

a code example would probably make things easier to debug or if can create a reproducible setup in a repo.