When a session cookie expires and say a user still has a page open and they try to perform an action that expects some data in the session cookie. Can the session cookie be nil in that case? Should all our handlers take that into account? I am getting a few weird errors seeming to stem from data in the session being nil and just curious if this is a case I overlooked. We only set the session data upon login so it shouldn't be getting invalidated anywhere else. I do also have some middleware in place that should already redirect to the login page if the session isn't valid so i'm unsure how its even getting to that point in my handlers. Any help is appreciated.
once a cookie is expired the user agent (browser) won't send it any more
it is not uncommon to have some kind of credential refresh that pages run in the background, how this works depends. in oauth when you authenticate you get an access token and a refresh token, the access token is what you use to do stuff, the refresh token is how you get a new access token when the one you have is close to expiring
for session cookies you may just need to to make periodic requests to keep the cookies valid
Right now I have the cookies set to expire after a week. The thing is I have some middlewares in place that should redirect to the login page when the session is invalid
It works that way locally so its weird
Can you explain the order of the ring middleware I have noticed that depending on the order sometimes different behavior occurs
it sort of depends on how you are building your stack of middleware, but assuming you have a base handler H and are doing something like (-> H wrap-a wrap-b wrap-c) then c will start executing, b will start, a will start, then your base handler will be called then return, then b will return, then c will return
the other thing that people can get tripped up on is the default session store for ring is in memory, so if you have multiple servers and don't have some kind load balance that routes a client's requests to the same server every time a users' session might not exist on the server the request goes to