Invalid JWT should redirect frontend to login page #1927
Reference: vikunja/vikunja#1927
When the Vikunja container is recreated, all the tokens become expired. A user trying to log in after this happens is not directed to the login page; instead, a small error is displayed in the bottom corner which says that the JWT is expired.
A potential solution to this would be to redirect to the login page on expired JWT. Unsure how feasible this will be, as the login page and the "home" page are at the same URL.
You'll want to set a jwt secret to avoid all sessions getting invalidated when you restart the container.
In the next release (already in unstable) the behaviour was changed to do exactly what you're describing: When the user visits the page with an expired token the login page is displayed instead of an error.
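Why a fixed JWT secret keeps sessions alive across restarts, shown as an added example in Go (not Vikunja's code and not from either participant). It assumes HS256-signed tokens and that an unset secret is replaced by fresh random bytes at every start; all function names and values are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// BootSecret models one start: reuse a configured secret, else draw random bytes (assumed).
func BootSecret(configured string) []byte {
	if configured != "" {
		return []byte(configured)
	}
	s := make([]byte, 32)
	rand.Read(s) // error deliberately ignored to keep the example short
	return s
}

func mac(secret []byte, input string) []byte {
	h := hmac.New(sha256.New, secret)
	h.Write([]byte(input))
	return h.Sum(nil)
}

func Sign(secret []byte, claims string) string {
	in := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(claims))
	return in + "." + b64.EncodeToString(mac(secret, in))
}

// Verify recomputes the HMAC with the current secret; the header's alg is never trusted.
func Verify(secret []byte, token string) bool {
	p := strings.Split(token, ".")
	sig, err := b64.DecodeString(p[len(p)-1])
	return len(p) == 3 && err == nil && hmac.Equal(sig, mac(secret, p[0]+"."+p[1]))
}

// SurvivesRestart signs under one start's secret and verifies under the next start's.
func SurvivesRestart(configured string) bool {
	tok := Sign(BootSecret(configured), `{"sub":"constructed-user"}`)
	return Verify(BootSecret(configured), tok)
}

func main() {
	fmt.Println("unset:", SurvivesRestart(""), "pinned:", SurvivesRestart("constructed-secret"))
}
```

With the secret unset, every token issued before the restart fails signature verification regardless of its expiry time, so the client has to treat a rejected token as "show the login page" rather than as a transient error.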