I'm building a SPA (single page application) and I have multiple parallel JavaScript requests to my server.
I'm also using the amazing https://github.com/volatiletech/authboss and its Remember me module, which I think has an "issue": it is not a bug, it is not a problem, it is a missing feature!
DESCRIPTION
Let's say I have an rm (remember me) cookie saved in my browser along with the session one.
If the session cookie expires and my SPA sends multiple requests to my server with the rm cookie, only the first one is correctly authenticated.
The second one (and so on) can no longer find its token in the storer (deleted before in the first request flow).
ALGORITHM
I'm using the same algorithm you can find in authboss-sample: https://github.com/volatiletech/authboss-sample/blob/master/storer.go#L333-L352.
RELATED QUESTIONS
- Race Condition for Persistent "Remember Me" Cookies
- How to combine a persistent login cookie with parallel AJAX requests?
- How to fix "Invalid remember-me token (Series/token) mismatch" Error?
- https://github.com/symfony/symfony/issues/28314
- Remember-me fails when two or more requests come at the same time. (without Spring Security)
QUESTION
As you can see, this is not strictly a problem with authboss.
What can we suggest to the world?
Can we solve it somehow?
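The race described in this question, as an added Go example that is not part of the original post and is not authboss code: a single-use remember-me token store hit by a burst of concurrent requests, run once in strict mode and once with a short grace window for a token that was just consumed. `RememberStore`, `NewStore`, `Use`, `Burst` and the grace-window mitigation are assumptions made for illustration; the pid and token values are constructed.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// RememberStore is a hypothetical in-memory token store, not authboss code.
type RememberStore struct {
	mu      sync.Mutex
	spentAt map[string]time.Time // zero time = issued and unused
	grace   time.Duration        // 0 = strict single use, like delete-on-use
}

func NewStore(grace time.Duration, pid, token string) *RememberStore {
	return &RememberStore{spentAt: map[string]time.Time{pid + "\x00" + token: {}}, grace: grace}
}

// Use authenticates a token; a spent one passes only inside the grace window.
func (s *RememberStore) Use(pid, token string, now time.Time) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	k := pid + "\x00" + token
	at, issued := s.spentAt[k]
	if issued && at.IsZero() {
		s.spentAt[k] = now // first request of the burst consumes the token
		return true
	}
	return issued && s.grace > 0 && now.Sub(at) < s.grace
}

// Burst fires n concurrent requests with one rm token; returns how many pass.
func Burst(s *RememberStore, pid, token string, n int) (ok int) {
	results := make(chan bool, n)
	for i := 0; i < n; i++ {
		go func() { results <- s.Use(pid, token, time.Now()) }()
	}
	for i := 0; i < n; i++ {
		if <-results {
			ok++
		}
	}
	return ok
}

func main() { // constructed sample values
	fmt.Println(Burst(NewStore(0, "u1", "tok"), "u1", "tok", 4))             // 1
	fmt.Println(Burst(NewStore(2*time.Second, "u1", "tok"), "u1", "tok", 4)) // 4
}
```

The grace window trades strict single use for tolerance of parallel requests: a copied token is also accepted during that window, so it should be kept to a few seconds.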