Xano Auth : Get kicked on Private page

Hello, I’m finishing my app and I have an issue with Xano & private pages.
When my users register or log in, they enter the app. The homepage is a private page which requires the visitor to be logged in and redirects to the login page otherwise.
The login works, the user can enter the app and request his data.

But when the user switches pages, he gets kicked out and redirected to the login.
I tried to manually change the URL to access private pages without logging in again and it works, so I think the app doesn’t log out.

How to reproduce the bug?
Switch fast between pages. The issue appears only when a page is loading and the user requests another page.

As the user is still logged in, I think the issue is not on Xano’s side but on WeWeb’s. I might have done something wrong.

Please help me to fix this.
Thanks

Hi, can I let you open a ticket on support.weweb.io please? We will take a look 🙂

I’m seeing this too — when a user logs in to the app, sometimes when they go to a different page, it logs them out and shows the login screen. It seems to be every few pages, and random. I can’t detect a pattern.

Here’s a Loom video:

I was seeing this behavior sometimes in the editor, but was hoping it was just an editor weirdness. I just published to staging for the first time a few days ago, and seeing it there too.

  • I have user roles set up, it’s an enum in the Xano user table, and text fields (not a list/obj) in the Xano Auth plugin in WeWeb. (I considered the fact that it’s an enum and not text, but if that was the issue, I’d expect it to never work. And really, the value of an enum is a string, so that seems fine.)
  • Most pages are set to “authenticated users only”, but some are only to “company OR admin” or “operator OR admin” — never “and”. Only Login/Signup are not gated.
  • Xano API requests seem like they’re working fine. (I’m occasionally getting 429 rate limited because I’m currently on the free Xano plan, but that is not, I think, the actual issue. At least, I don’t think so; if I go to the API Request History in Xano, I don’t see any 429 errors, but I do get that error in the dev tools.)
  • I am also seeing the behavior @m_aurelion noted above, where if you get kicked to the login screen, and then go to the URL directly, you seem to be logged in and the page loads just fine. (Not in the video, I tested this after.)

I had this exact problem, you need to get a paid Xano plan and the problem resolves.

Do you have the issue with speed navigation?
Try a path from page A to B to C and wait for the pages to load.
Try the same path A to B to C but switch quickly between pages.

Just a paid plan? No change at all?

Yes.

For everyone having this issue, it’s happening because the Xano free plan has a limit of 10 requests every 20 seconds. If you change page and have reached the rate limit, then the automatic request verifying the current user on page change will fail and you will be redirected because you will be considered not logged in.

Do you plan to adapt WeWeb to work with a free plan?

It actually works. We plan to work on the UX, yes, but you will still have to wait 20 seconds before being able to display your page once the rate limit is reached; we can’t do anything about that.

@Alexis thanks for the update. The behavior just isn’t what I would expect.

What happens:

  • you are logged in; you go to page(s) and hit the rate limit
  • you are redirected to the login screen, but you are actually still logged in because if you go directly to the URL, you will see the correct page/content

What I would expect:

  • you are logged in; you go to page(s) and hit the rate limit
  • the data doesn’t show up, page is empty, but you’re still logged in

Why is it that we get redirected to the login screen?

If it’s a private page, we check whether you’re logged in before returning you the page. If we can’t check with Xano that you’re still logged in because of the rate limit, then we can’t return you the page, even with empty data.

Yes, the redirection is wrong because our plugin thinks you’re not logged in when you still are, but it can’t know because it gets a 429, not a 400 or a 200. It only knows it reached the rate limit, but we didn’t handle this case, so it falls back to its default behavior when an error happens on a fetch me request (meaning it can’t get the currently logged-in user).

As I said, we can’t return you the page, so the only thing we could do is allow you to set a 429 page where you are redirected once you have reached the limit, so you can display a message asking users to retry in 20 seconds.

Keep in mind the Xano free plan is not made to be used in production. 10 requests every 20 seconds is nothing. Even by using your app alone you will reach the limit if you log in, visit 2 pages and load a bunch of collections. It only allows you to test a little.

I understand it can be frustrating and we will try to explore ways to make it better for free Xano users. We already added some specific retry logic in the editor to allow our free Xano users to have a smoother experience while building; it should be released this week.

Xano gives an auth token, why do you need to request Xano for each page?

Because we don’t know if the token is still valid and we don’t have access to the roles without fetching the user.

Ahh, this makes a lot of sense. Thank you for explaining, @Alexis!
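The behavior discussed in this thread, where a 429 on the user check is handled like a rejected token, as an added example that is not part of the thread and not WeWeb's or Xano's code. It keeps the page closed on a 429 (the auth state is unknown) but leaves the session alone and offers a retry after the 20-second window; the response shape, route names, and the use of 401/403 as the "token rejected" statuses are assumptions.

```javascript
// Added example: routing decision for a private page after the "fetch me" call.
// Field names (status, user.role) and action names are assumptions.
const RATE_LIMIT_WINDOW_MS = 20000; // free-plan window quoted in the thread

function decideRoute(response, allowedRoles) {
  const { status, user } = response;
  if (status === 200 && user) {
    // Token verified server-side; roles come from the fetched user, not local state.
    if (allowedRoles.length === 0 || allowedRoles.includes(user.role)) {
      return { action: "render", clearSession: false };
    }
    return { action: "forbidden", clearSession: false };
  }
  if (status === 429) {
    // Auth state unknown: fail closed (no page), keep the token, offer a retry.
    return { action: "rate-limited", clearSession: false, retryAfterMs: RATE_LIMIT_WINDOW_MS };
  }
  if (status === 401 || status === 403) {
    // Server definitively rejected the token (assumed status codes).
    return { action: "login", clearSession: true };
  }
  // Network or server error: also unknown, so never render and never drop the session.
  return { action: "error", clearSession: false };
}

// Re-runs the check after the window instead of bouncing the user to login.
async function guardPrivatePage(fetchMe, allowedRoles, { maxRetries = 1, sleep } = {}) {
  const wait = sleep || ((ms) => new Promise((resolve) => setTimeout(resolve, ms)));
  let decision = decideRoute(await fetchMe(), allowedRoles);
  for (let i = 0; i < maxRetries && decision.action === "rate-limited"; i++) {
    await wait(decision.retryAfterMs);
    decision = decideRoute(await fetchMe(), allowedRoles);
  }
  return decision;
}

// Constructed responses standing in for the auth endpoint, returned in order.
function makeFetchMe(responses) {
  let i = 0;
  return async () => responses[Math.min(i++, responses.length - 1)];
}
```

Only the `login` outcome clears the session, so a rate-limited check can no longer look like a logout, and no page is rendered without a successful server-side check.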