Reputation: 932
ng-token-auth, ionic, devise_token_auth; token get lost randomly in xhr request
I have inherited a Ionic app which uses ng-token-auth+devise_token_auth to handle the authentication and the session between front and back.
What happens is quite strange. Sometimes (specially with slow connections) the request (or the response) get lost and after that I get only 401 http errors.
I know that that everytime I send a request the token expires, but when the xhr request is cancelled (by the server I suppose, or by the browser, I don't know) the token is expired without having been replaced by the new one generated by devise_token_auth gem.
I know Rails but I'm not familiar with Angular, neither Ionic and I don't know exactly where to look.
After reading a lot of SO answers where noone seems having my problem (which happens locally and in staging/production), I checked the following
storageis set aslocalStorage.config.batch_request_buffer_throttle = 20.seconds- there is no pattern between cancelled requests, sometimes I perform get for the username, sometimes a post or a put to a comment.
- Is not a CORS problem because it would happen always or never. (moreover I'm using a proxy as explained in ionic blog)
- Maybe it could be related to provisional headers chrome bug. But, how can I be sure?
What puzzles my is that it happens only sometimes and not always. (and there are no errors in the backend)
The only workaround I have found in the devise_token_auth documentation is change config.change_headers_on_each_request to false avoiding in this way the regeneration of the token.
But I don't like this solution because I think it hides the real problem in an insecure way instead of solving the token loss. Any suggestion?
Upvotes: 19
Views: 490
Answers (1)
Reputation: 21
Kindly, please check this thing:
Version: which version of this gem (and ng-token-auth, jToker or Angular2-Token if applicable) are you using?
Request and response headers: these can be found in the "Network" tab of your browser's web inspector.
Rails Stacktrace: this can be found in the log/development.log of your API.
Environmental Info: How is your application different from the reference implementation?
This may include (but is not limited to) the following details:
Routes: are you using some crazy namespace, scope, or constraint?
Gems: are you using MongoDB, Grape, RailsApi, ActiveAdmin, etc.?
Custom Overrides: what have you done in terms of [custom controller overrides] 5?
Custom Frontend: are you using ng-token-auth, jToker, Angular2- Token, or something else?
Upvotes: 1
Related Questions
- Auth headers not set using angular-token
- Ionic + AngularJs + Token based authentication
- devise_token_auth always returns 401 Unauthorized
- Getting ng-token-auth to work with devise_token_auth
- Authentication issue with Devise, devise_token_auth, and ng-token-auth
- devise_token_auth is not returning the access-token
- angular 2 and Ng-token-Auth
- Rails Devise token and cookie session at same time
- Devise token auth giving stale tokens
- getting ng-token-auth and devise_token_auth to work with OAuth in ionic InAppBrowser