-
Notifications
You must be signed in to change notification settings - Fork 159
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[web] unify link behaviour across tabs #9325
Comments
Jan Ackermann commented: https://developer.mozilla.org/en-US/docs/Web/API/Web_Locks_API seems to be good for tab locking |
I did a bit of research on the concurrent token renewal. Honestly, at this point, I'm not even 100% sure what the real issue is for us. So from my understanding: Let's say you have 2 tabs opened at the same time while storing the access token in the local storage. Now there is a chance that both tabs try to do token renewal at the same time. However, that alone is not yet an issue...? As Web does a silent token renewal 10 seconds before a token expires, the worst thing that could happen is that the silent token renewal takes place 2 times which results in a) one unnecessary renewal and b) an orphaned access token which is (in theory) still valid. Am I missing something? There doesn't seem to be a go-to way to solve these issues. There are a few possibilities:
So all in all, I'm really not sure what to do. What's the real benefit of having the access token in the local storage? When using the session storage and opening Web in another tab or window, the user is being logged in automatically. That takes 1-2 seconds, but IMO that's okay. The only drawback is that opening public links in a new tab/window would require the user to log in. |
A clean way to do it would be to extract the token renewal logic into a service worker, as far as I can remember you then would have only one instance that refreshes the token (which is running in kindof an sandbox mode) and you can then use an eventbus to communicate between the service worker and all clients (browser windows).
Cons would be that we would have to setup all the service worker stuff which would take some time and isn't that easy but I already did an PoC a long time ago: |
I get the idea behind that (and it would probably be the ultimate solution), although making it work with the token renewal process sounds hard. Simply extracting the token renewal method to a service worker won't cut it I think. All that is so deeply integrated in our |
Description
User Stories
Value
Acceptance Criteria
Note: concurrent token renewal could be managed via serviceworker.
Definition of ready
[ ] everybody needs to understand the value written in the user story
[ ] acceptance criteria has to be defined
[ ] all dependencies of the user story need to be identified
[ ] feature should be seen from an end user perspective
[ ] user story has to be estimated
[ ] story points need to be less then 20
Definition of done
[ ] functionality described in the user story works
[ ] acceptance criteria are fulfilled
[ ] code review happened
[ ] CI is green
[ ] critical code received unit tests by the developer
[ ] automated tests passed (if automated tests are not available, this test needs to be created and passed
[ ] no sonar cloud issues
The text was updated successfully, but these errors were encountered: