ring

2024-04-15T22:20:55.477359Z

When a session cookie expires and say a user still has a page open and they try to perform an action that expects some data in the session cookie. Can the session cookie be nil in that case? Should all our handlers take that into account? I am getting a few weird errors seeming to stem from data in the session being nil and just curious if this is a case I overlooked. We only set the session data upon login so it shouldn't be getting invalidated anywhere else. I do also have some middleware in place that should already redirect to the login page if the session isn't valid so i'm unsure how its even getting to that point in my handlers. Any help is appreciated.

2024-04-15T22:33:18.128959Z

once a cookie is expired the user agent (browser) won't send it any more

2024-04-15T22:35:32.861709Z

it is not uncommon to have some kind of credential refresh that pages run in the background, how this works depends. in oauth when you authenticate you get an access token and a refresh token, the access token is what you use to do stuff, the refresh token is how you get a new access token when the one you have is close to expiring

2024-04-15T22:36:24.423679Z

for session cookies you may just need to to make periodic requests to keep the cookies valid

2024-04-15T23:06:48.883669Z

Right now I have the cookies set to expire after a week. The thing is I have some middlewares in place that should redirect to the login page when the session is invalid

2024-04-15T23:06:56.339439Z

It works that way locally so its weird

2024-04-15T23:07:17.203319Z

Can you explain the order of the ring middleware I have noticed that depending on the order sometimes different behavior occurs

2024-04-15T23:09:41.450019Z

it sort of depends on how you are building your stack of middleware, but assuming you have a base handler H and are doing something like (-> H wrap-a wrap-b wrap-c) then c will start executing, b will start, a will start, then your base handler will be called then return, then b will return, then c will return

2024-04-15T23:13:48.621769Z

the other thing that people can get tripped up on is the default session store for ring is in memory, so if you have multiple servers and don't have some kind load balance that routes a client's requests to the same server every time a users' session might not exist on the server the request goes to