[SOLVED] User session terminated on refresh

  • Accounts
  • Web
alleycaaat
31 May, 2023, 18:53

Hopefully this isn't a complete dingus of a question.

Tl;dr I'm building a simple web-app with user-auth, upon log in a user is directed to their profile page. While logged in, if the user refreshes the page, they're logged out. Is this the correct response or do I not know what I'm doing?

The user logs in via email and password, an email session is created. I get their user information and send that to context so I can access their ID, name and avatar app-wide:

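TypeScript
    // Excerpt from the log-in handler. The enclosing function was not included
    // in the post, so the wrapper name below is a placeholder.
    async function handleLogin(email: string, password: string) {
        setLoading(true);
        // Create the session, then fetch the user and store it in context.
        await account.createEmailSession(email, password);
        const userInfo = await getCurrentUser();

        authUser(userInfo);
        navigate('/profile');
    }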

I'm using react-router to have protected paths, I have a helper function that will send an unauthorized user to the log-in if they try to access a restricted page such as profile.

Is the user logged out on refresh because, by default, appwrite uses localStorage for session management, and that's the correct action? Is the solution to add a custom domain as an endpoint? If so, can the app run on a subdomain and a different subdomain accesses the API? If I have example.com, can I use demo-app.example.com for the app and appwrite.example.com for the API? Or does it need to be a subdomain - SLD relationship to work?

Thanks in advance!

TL;DR: User session is being terminated on refresh. Solution is to call `account.get()` on app initialization to check for a valid session. Make sure to persist the session state and authenticate the user each time the page loads. It is recommended to add a custom domain as the API endpoint for increased security. Can use subdomains for the app and API, but they should have a subdomain-SLD relationship to work.
Binyamin
31 May, 2023, 18:55

As Appwrite is your BaaS and your code will run in a body-less frontend you'll need to verify the account each time the page loads with account.get().

Pradhumansinh Padhiyar
31 May, 2023, 18:58

You need state persistence to achieve this. Refer to this answer from Stack Overflow:

https://stackoverflow.com/a/53455443/8212469

alleycaaat
31 May, 2023, 19:01

Oh I do! Sorry I blanked on that, that's what getCurrentUser is, it returns the user data via account.get(), which then gets sent to context.

Binyamin
31 May, 2023, 19:02

Good

Binyamin
31 May, 2023, 19:02

But, are you using the getCurrentUser function in each page load? Or only after success login?

alleycaaat
31 May, 2023, 19:06

Only after the success login, because with react-router there isn't typically a reload when changing between pages (at least that's how I understand it).

Binyamin
31 May, 2023, 19:06

It makes sense, Yes.

Binyamin
31 May, 2023, 19:07

But you should add it in each reload - When you're initializing your app - so you'll cover also the case when the user is refreshing the page. Or when the user loads your website from a link or something.

alleycaaat
31 May, 2023, 19:11

Ooh that makes sense, thanks!

alleycaaat
31 May, 2023, 19:33

I tried that and it didn't work, I put a note to be logged when account.get() was called, and I saw the note when expected but the session still gets terminated upon refresh. I think I need to find another way to handle session management.

Binyamin
31 May, 2023, 19:34

> the session still gets terminated upon refresh

I think this will continue to happen till you run the account.get() upon refresh.

alleycaaat
31 May, 2023, 20:25

I have the call where it'll run automatically when navigating to the different pages, and the console logged notes showed that was working. But on the refresh there isn't anything for account.get() to return, that's why I think it's with how the session is managed. Unless I'm not understanding something and have gone down the wrong path, certainly an option.

Drake
31 May, 2023, 21:09

what's your tech stack? is that account.get() on refresh executing server side?

alleycaaat
31 May, 2023, 21:36

React (with react-router) and appwrite cloud. I checked and the account.get() is not executing server side on a refresh. I don't think it can because the refresh ends the session, so the user is directed to the log-in screen automatically, maybe?

Drake
31 May, 2023, 22:13

not nextjs?

client side, the SDK should be persisting the session

alleycaaat
31 May, 2023, 22:26

No, I'm still working on learning nextjs, I was late to the game.

That's what I'd understood from the docs, which is why I don't understand my issues. I don't have a domain name set, so I get the console message "Appwrite is using localStorage for session management. Increase your security by adding a custom domain as your API endpoint." upon log-in, but should that matter if I'm deploying locally while developing? I can see it acting up when it's deployed on Vercel, but locally..?

Drake
31 May, 2023, 22:48

so when your app starts, are you calling account.get() to check if they have a valid session?

can you share some of your code?

alleycaaat
1 Jun, 2023, 15:19

Ahhhhh thank you! That's where I went wrong! I moved it to a different component, it works properly now. Hot dang, it's just that easy if you put everything in the right place 😅 😂 Thank you so much for your help!

Drake
1 Jun, 2023, 15:34

[SOLVED] User session terminated on refresh
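
The fix the thread arrives at (check for an existing session with account.get() when the app starts, before any protected route decides to redirect), sketched as an added example that is not code from the thread or from Appwrite. createAuthStore, guardRoute, naiveGuard, fakeAccount and simulateRefresh are hypothetical names, and fakeAccount is a constructed stand-in for the SDK's account object.

```javascript
// Added example. `account` is any object whose async get() rejects with
// code 401 when there is no session, as the Appwrite Web SDK does for a guest.
function createAuthStore(account) {
  const state = { status: 'loading', user: null };
  return {
    state,
    // Call once at app start-up, above the router, so it also runs on a
    // refresh or a deep link and not only after a successful log-in.
    async init() {
      try {
        state.user = await account.get();
        state.status = 'authenticated';
      } catch (err) {
        state.user = null;
        // Only a 401 means "no session"; anything else (network, 5xx) is
        // kept apart so a transient failure does not look like a log-out.
        state.status = err && err.code === 401 ? 'anonymous' : 'error';
      }
      return state.status;
    },
  };
}

// Protected-route decision: never redirect while the check is still pending.
function guardRoute(state) {
  if (state.status === 'loading') return 'wait';
  if (state.status === 'error') return 'retry';
  return state.status === 'authenticated' ? 'render' : 'redirect:/login';
}

// The pattern that produces "logged out on refresh": context is empty right
// after a reload, so the guard redirects before the session is ever checked.
function naiveGuard(state) {
  return state.user ? 'render' : 'redirect:/login';
}

// Constructed stand-in for the SDK account object (sample data only).
function fakeAccount(sessionUser, failure) {
  return { get: async () => {
    if (failure) throw failure;
    if (!sessionUser) throw Object.assign(new Error('unauthorized'), { code: 401 });
    return sessionUser;
  } };
}

// Simulates a page refresh: fresh in-memory state, session still held by the SDK.
async function simulateRefresh(sessionUser, failure) {
  const store = createAuthStore(fakeAccount(sessionUser, failure));
  const before = { naive: naiveGuard(store.state), fixed: guardRoute(store.state) };
  await store.init();
  return { before, after: guardRoute(store.state) };
}
```

In a React app the 'wait' result corresponds to rendering a loading placeholder from the protected-route component until init() has settled.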
