Implementing Auto Logout and Token Refreshing with Wiz and Xano
The central issue raised at the State Changers meeting was the management of session tokens and an auto-logout behaviour similar to that of banking applications. The current problem lies with the "Wiz" platform, whose minimum cookie duration is one day, which raises security concerns.
The proposed solution separates Wiz's own session details from the in-app token handling. In this approach the application does not auto-logout on inactivity signals such as mouse movement; instead, at regular intervals of user interactivity it requests new tokens with shorter durations. The effect is that of an "idle app": a session that is left alone simply runs out.
In addition to saving the token itself, the plan is to store the token's remaining duration in local storage, so the client can decide locally whether to keep using the token, refresh it, or request a new one. Token expiry and '401: Unauthenticated' responses from 'Xano' are treated as the 'unhappy path' and lead the user to the logout page.
The participants agreed on homework for the next session: handling the 'expired token' case in which 'Wiz' still believes the token duration has not run out. In summary, the meeting centred on a custom implementation of session management, auto-logout functionality, and the related security handling in their system using 'Xano' and 'Wiz'.
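The client-side lifecycle described above, written out as an added example that is not code from the meeting, from Wiz or from Xano: the token and its absolute expiry are kept in storage, each user interaction decides between keeping, refreshing or logging out, and a 401 from the backend ends the session. The storage key names, the refresh endpoint path and the `{token, expires_in}` response shape are assumptions; `fetchImpl` is injected so the logic runs without a network and without a browser.

```javascript
// Added example (not from the meeting or either vendor): a browser-side token
// lifecycle matching the plan above. Storage key names, the refresh endpoint
// path and the JSON shape {token, expires_in} are assumptions.

const TOKEN_KEY = "authToken";          // assumed key name
const EXPIRES_AT_KEY = "authExpiresAt"; // assumed key name

// Persist the token and an absolute expiry (ms since epoch) derived from the
// remaining duration the backend reported, so later decisions need no round-trip.
function saveSession(storage, token, remainingSeconds, now = Date.now()) {
  storage.setItem(TOKEN_KEY, token);
  storage.setItem(EXPIRES_AT_KEY, String(now + remainingSeconds * 1000));
}

function clearSession(storage) {
  storage.removeItem(TOKEN_KEY);
  storage.removeItem(EXPIRES_AT_KEY);
}

// Milliseconds left on the stored token; 0 when absent, corrupt or expired.
function remainingMs(storage, now = Date.now()) {
  const raw = storage.getItem(EXPIRES_AT_KEY);
  const expiresAt = Number(raw);
  if (raw === null || !Number.isFinite(expiresAt)) return 0;
  return Math.max(0, expiresAt - now);
}

// Called on each user interaction. Expired -> "logout" (route to logout page);
// close to expiry -> "refresh" (ask for a new short-lived token); else "keep".
function decideOnActivity(storage, now = Date.now(), refreshWindowMs = 60_000) {
  const left = remainingMs(storage, now);
  if (left === 0) return "logout";
  if (left < refreshWindowMs) return "refresh";
  return "keep";
}

// Exchange the current token for a new one. In the browser pass window.fetch.
async function refreshToken(storage, fetchImpl, refreshUrl, now = Date.now()) {
  const res = await fetchImpl(refreshUrl, {
    method: "POST",
    headers: { Authorization: `Bearer ${storage.getItem(TOKEN_KEY)}` },
  });
  if (res.status === 401) { clearSession(storage); return false; }
  const body = await res.json(); // assumed shape: {token, expires_in}
  saveSession(storage, body.token, body.expires_in, now);
  return true;
}

// Generic authorised call: a 401 from the backend is the unhappy path and ends
// the session locally, leaving the caller to route to the logout page.
async function authorizedRequest(storage, fetchImpl, url, options = {}) {
  const headers = { ...(options.headers || {}), Authorization: `Bearer ${storage.getItem(TOKEN_KEY)}` };
  const res = await fetchImpl(url, { ...options, headers });
  if (res.status === 401) {
    clearSession(storage);
    return { loggedOut: true, response: res };
  }
  return { loggedOut: false, response: res };
}

// In-memory stand-in for window.localStorage so the example runs outside a browser.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(key) { return this.items.has(key) ? this.items.get(key) : null; }
  setItem(key, value) { this.items.set(key, String(value)); }
  removeItem(key) { this.items.delete(key); }
}

// Wiring in a real page (not executed here): decide on interactivity events,
// not on a mouse-movement idle timer. `refreshUrl` is a placeholder.
function attachActivityHandler(win, storage, refreshUrl, onLogout) {
  let busy = false;
  const handler = async () => {
    if (busy) return;
    const action = decideOnActivity(storage);
    if (action === "keep") return;
    busy = true;
    const ok = action === "refresh" && await refreshToken(storage, win.fetch, refreshUrl);
    busy = false;
    if (!ok) onLogout();
  };
  for (const evt of ["click", "keydown"]) win.addEventListener(evt, handler);
}
```

One caveat worth keeping in mind with this design: anything in local storage is readable by any script running on the page, so the short token lifetime is what limits the damage of a leaked token, and the server must still reject expired tokens regardless of what the client believes about the remaining duration.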