Log-in without token expiration

Tue Jul 08, 2014 12:27 am

I've followed the discussions threads in the forum about a common point some folks have raised about maintaing log-in status unless a user specifically logs-out.

I'm writing to check if there still is a hard 2 hour expiration on session lifetime, since it seemed that there were plans to implement a user configurable expiration. Could you share the timeline for that?

I understand it is possible to check user token and then hide log-in but it would take a bit of implementation and moreover since my log-in page has several UI components, if I hide these on page display I am guessing these will first appear momentarily and then disappear, which ruins user experience.

Most of the apps today allow seamless login for sake of better user engagement and experience. It would be worthwhile if we had this provision within Appery.

Will appreciate any suggestions.

Thank you.

Tue Jul 08, 2014 7:29 am

HI Cody,

Please check this thread:
https://getsatisfaction.com/apperyio/...

Wed Jul 09, 2014 10:16 am

Hi Katya,

Thanks for the pointer. However this is not what I am asking.

Is there an option to make the 120min token expiry time configurable? My interest is in being able to set this to arbitrarily long value, so the user is not logged out unless they choose to do so manually.

If not, is this in your roadmap?

Regards.

Wed Jul 09, 2014 11:42 am

Hi Cody,

Session token expiration time cannot be changed. Here is what you could try:

1) After logging in save username and password that correspond to session token to appropriate localStorage variables.
2) Check this variable when start the app: if it's empty move to login page, and continue if not.
3) If any service returns an error 401 run login service with saved credentials, and then invoke this service again.

This will allow you to login once and update session token.

Tue Jul 22, 2014 7:39 pm

Hi Katya,

Thanks for your feedback on this. I've proceeded with the implementation. One issue I notice is that regarding point 1) above - if I logout after a while, I get a "invalid token" notice (probably as token expires). I can run login service again (if this happens) and logout, but this would introduce delay and impact user experience - is there a cleaner way of logging out?

Many thanks.

Tue Jul 22, 2014 8:09 pm

Hello Cody,

Could you please clarify, why do you need to login and then make logout? If logout doesn't work, the token still expires. You should clear local storage variables you need on complete service of logout.

Tue Jul 22, 2014 11:25 pm

Hi Eugene,

Once a user is logged in, they can choose to logout (for any reason and by choice) by pressing a logout button with the app: this is the case I am trying to address. Are you suggesting that I delete session_token in local storage prior to invoking logout service? I am not clear if that would solve the issue.

Wed Jul 23, 2014 9:34 pm

Hi Cody,

You have two ways to do it:

1 Clear session token before invoke logout service.

2 Clear session token on "complete" event for logout service.

It's up to you to choose one of these ways.

Regards.

Wed Jul 23, 2014 11:47 pm

Hi Yurii,

Thanks for the feedback here: clearing the token is a solution and it works. However, I want the logout to proceed normally in case the token has not expired, so am thinking of the following approach as I had originally speculated:

On press of logout button:
1) Execute logout service as usual.
2) In the event the above returns an error with invalid token message, clear token and logout again.

My question is is there a robust way of knowing that the token has expired (or is Invalid token error message the best we can do)?

Regards.

Thu Jul 24, 2014 4:06 am

Hi Cody,

You don't need to invoke logout service in the case the session is already expired.

Cause of session is not valid now, and could not be used to retrieve any access.

Here is you can read about how to be sure the session is valid: https://getsatisfaction.com/apperyio/...

Regards.