Fix session state issues #483
base: master
The cause of this data corruption is: after successfully logging in and unlocking the keystore, the `useEffect` in `LocalStorageKeystore` calls `setCachedUsers` to update the cached users (to copy the `prfKeys` from the logged-in user's `privateData` to the matching cached user). But when there are two tabs open simultaneously, that code runs simultaneously in both tabs, and the `globalUserHandleB64u` is different between the two tabs. The user1 tab has `globalUserHandleB64u` set to the user handle of user1, and the user2 tab has `globalUserHandleB64u` set to the user handle of user2. So the result is that both cached users get updated with user2's `prfKeys`, which then causes the user to be logged into user2 even if they press the cache button labeled "Log in as user1".
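A simplified model of the race described in the comment above, added here as an illustration and not taken from this PR or the project's code. The shared store, `ownerHandleB64u` and all function names are assumptions; only `prfKeys` and the per-tab user handle come from the discussion. It shows the unguarded copy corrupting both cached users, next to one possible guard (not necessarily the fix this PR applies).

```javascript
// Simplified model of the cross-tab race. Names are hypothetical unless noted.

// State shared by every tab (stands in for browser storage).
function makeSharedStore() {
  return {
    cachedUsers: [
      { userHandleB64u: "user1", prfKeys: [] }, // constructed sample data
      { userHandleB64u: "user2", prfKeys: [] },
    ],
    privateData: null, // overwritten by whichever tab unlocked the keystore last
  };
}

function login(store, tab, userHandleB64u, prfKeys) {
  tab.userHandleB64u = userHandleB64u; // the tab's own "global" user handle
  // ownerHandleB64u is an assumed field recording whose data this is.
  store.privateData = { ownerHandleB64u: userHandleB64u, prfKeys };
}

// Unguarded: picks the cached user by the tab's handle and never checks
// whose privateData it is copying from.
function syncCachedUserBuggy(store, tab) {
  store.cachedUsers = store.cachedUsers.map((u) =>
    u.userHandleB64u === tab.userHandleB64u
      ? { ...u, prfKeys: store.privateData.prfKeys }
      : u);
}

// Guarded: copy only when the shared privateData belongs to this tab's user.
function syncCachedUserChecked(store, tab) {
  const pd = store.privateData;
  if (!pd || pd.ownerHandleB64u !== tab.userHandleB64u) return false;
  store.cachedUsers = store.cachedUsers.map((u) =>
    u.userHandleB64u === pd.ownerHandleB64u ? { ...u, prfKeys: pd.prfKeys } : u);
  return true;
}

// Two tabs log in as different users, then both run their sync effect.
function runScenario(sync) {
  const store = makeSharedStore();
  const tab1 = {}, tab2 = {};
  login(store, tab1, "user1", ["prf-key-of-user1"]);
  login(store, tab2, "user2", ["prf-key-of-user2"]); // replaces shared privateData
  sync(store, tab1);
  sync(store, tab2);
  return Object.fromEntries(
    store.cachedUsers.map((u) => [u.userHandleB64u, u.prfKeys.join(",")]));
}
```
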
@gkatrakazas I've force-pushed over this branch with a new fix which seems to work more reliably and not log the user out immediately on signup. Please give this another go!
Great work! Everything seems to function perfectly in most cases. However, I noticed one case: when a user logs in or signs up in one tab, causing another user's tabs to log out, the SessionContext logout function is not triggered, but on userInactivity it works as expected.
Ah, right. That was intentional because the
The primary issue addressed in my PR (#488) was the multiple event listeners being attached to a single tab and the repeated session cleanup processes. The goal was to streamline the cleanup process to ensure it executes efficiently and consistently for every logout or session termination. Feel free to evaluate if this improves the overall cleanup process.
Fixes part of #474: log out whenever `api` and `keystore` are not both logged in. This fixes the issue with `sessionStorage` attributes from the `api` module remaining after the idle logout enforced by the keystore.