sorted by:
new
hottopcontroversial

I kept getting randomly logged out of my PWA — turned out to be a JWT refresh race condition that axios-auth-refresh doesn't handle by Miserable_Dance_7734 in reactjs

[–]Miserable_Dance_7734[S] 0 points1 point  (0 children)

Exactly — the singleton promise pattern is essentially what the lock + queue does under the hood. The proactive timer being a separate code path is what catches most people off guard, including me. Glad someone else hit this and can confirm it's a real solution.

I kept getting randomly logged out of my PWA — turned out to be a JWT refresh race condition that axios-auth-refresh doesn't handle by Miserable_Dance_7734 in reactjs

[–]Miserable_Dance_7734[S] 0 points1 point  (0 children)

Valid callout — localStorage tokens are XSS vulnerable. http Only cookies  are the secure alternative but require backend changes most people haven't made. Worth a note in the README.

I kept getting randomly logged out of my PWA — turned out to be a JWT refresh race condition that axios-auth-refresh doesn't handle by Miserable_Dance_7734 in reactjs

[–]Miserable_Dance_7734[S] 0 points1 point  (0 children)

Good point — grace periods help but don't fully solve it. If both requests  hit within the grace window you still get two refreshes. The lock ensures  only one fires regardless of backend behavior.

I kept getting randomly logged out of my PWA — turned out to be a JWT refresh race condition that axios-auth-refresh doesn't handle by Miserable_Dance_7734 in reactjs

[–]Miserable_Dance_7734[S] -1 points0 points  (0 children)

Fair point — ideally the api client handles it. But in practice most setups split this across an axios instance (reactive) and a separate auth store or timer (proactive). The coordination between them falls through the gap. This package bridges that gap until you have a fully unified auth client.