** CRITICAL BUG ** : Anyone has a fix? Else weweb is unusable using token based auth

Hi all,

I just found out that if you are using external auth, the Auth Token is erased upon hard refresh. It does not redirect or anything, it is simply erased since the session ended. And the app would generally become unresponsive.

Has anyone found a safe way to persist the token?

I was assuming it to be functional out of box, but it is not. I am guessing it is not an unreasonable expectation either.

Given this behavior, the only option is to use weweb authentication, which is not always preferable.

I am guessing there are production apps (I am hoping). How did any of you release the app in production with this critical bug? What fix did you make?

1 Like

I think you’re mistaken, but I could be wrong. I’ll let others chime in.

We use Xano auth and it works just fine, whether you hard refresh, quit the browser, etc.

If you hard refresh and the auth token is erased, it sounds like you’re saving and retrieving the auth token somewhere else other than saving it as a cookie.

Perhaps this thread will help— Login with authToken (MagicLink) - #20 by cbpcanda

I think the problem is there. I had a chat session with support and they think so too. That is why I am looking for a hack quickly. Since the response was somewhat depressing and did not look like there is a built in solution in near future.
On a quick read it seems there is a hack via custom javascript using session cookies. This is what I was hoping to find. I will try it later and let you know if it works.

Yeah I hadn’t noticed that before. For me it seems to be a conditional display issue rather than a full logout. When I refresh, sometimes it keeps the same, sometimes it switches to the default. When it switches, sometimes it updates to the correct item when I tap the default, and other times it opens the signup dialogue.

You can see the unpredictable behavior in the video below, skip to 30 seconds in sorry:

login and the auth icons appear top right
refresh once and it’s ok
Refresh again and it shows login (non-auth)
Tap the login and it corrects to icons
Refresh a couple times and it pops in correctly
Go to profile page and refresh
Non-auth content appears
Return to home by address bar and shows non-auth

yeah, very similar but auth is broken. Depending on who is logged in the view changes. Even certain functionality is switched on or off. So auth token disappearing causes havoc.
here is the loom I shared with support: here is the video: Loom | Free Screen & Video Recording Software | Loom

@weweb-team?? @aurelie? @Quentin? Can you chime in?

Our CTO is working on the issue as we speak. I don’t have any ETA for now. But I’ll keep you posted.

1 Like

The fix is in production :wink:

1 Like

I was having these issues too. Have you got docs on how often you fire requests to the GET user and Refresh token endpoint? I am getting 2600 requests a minute which seems very over kill.

I’ll check with the tech team, but that shouldn’t be so much :fearful:

Thanks @Quentin and team. I think the fix works, but I think it has created some kind of conflict with some layout components. I am going by correlation here and I have no idea whether the fix caused this new issue or not.
The new UI issue is basically in tabbed container. My app has a couple of tabbed containers. So after a hard refresh, the tab headers UI is messed up. It gets completely misaligned. This was not happening before the fix was in. So I am jumping to conclusions here.
Any hints or ideas what settings should I be looking for to fix this issue.

I made a couple of loom videos for support team, linking them here.

video 1: Loom | Free Screen & Video Recording Software | Loom

video 2: Loom | Free Screen & Video Recording Software | Loom

The UI issue is also fixed. It was not related :slight_smile:

1 Like

For me the same issue still be actual.
When a token is lost, the application’s actions are unpredictable. No redirect to login page. It is extremely bad that the user is left with a blank page with no content, because the content is issued in exchange for a token. Also, the token is lost within just a few hours.
The token can be lost simply while using the application and then the video playback freezes for example.

We need a hotfix!
We just moved from Adalo and my users are burning our support team with the same question.