Update session timeout poll response handling to omit timeout on inactive session

[aduth]

🛠 Summary of changes

This supports #7966 and #8507, with the goal of improving the resiliency of how a timed-out session behaves:

• Handling a 401 server response generated by Devise for an expired cookie
• Omitting any timeout value for an inactive session
  • Previously, it would be set to the current time, which could create issues with considering a timed-out session as being a future time. Even in how it behaves in main with including a small offset, it could run risk of drift between server and frontend. The frontend doesn't currently do anything with timeout except in the case that the session is still live, so this is not likely a problem for the moment.
• Further normalization of frontend response to convert received timeout string to a date in the mapped response status.

An alternative approach could be to adopt something like how it behaves in main with the small offset, which does simplify by always being able to assume that timeout is present and a string in the response. It's unclear if server/client drift would ever actually be a problem, or if it's safe to assume that any drift would always be in the direction of making the session more timed-out.

[aduth]

The types here were giving me trouble where I was hoping TypeScript would be a bit smarter about resolving between true & false to narrow the type, but it wasn't working the way I'd hoped.

[aduth]

This test wasn't effective in testing that the request will throw, since the fallback handling for "unexpected promise resolution" is what was being caught, not the error thrown by request.

[zachmargolis]

LGTM

[zachmargolis]

how come have both SessionStatus and SessionStatusResponse? I feel like having the union type is useful for the actual TS code, since the code is already mapping responses from the server explicitly, having the union type for SessionStatusResponse seems like it doesn't give us much?

[aduth]

It was probably useful when I was trying different implementations to get the type narrowing to cooperate with different generic forms. I suspect I left it mostly as a nice symmetry between the "input" and "output" types. Ultimately though, yeah, it's unused, and if anything the overloaded function generic using it would be clearer by just spelling out the union of overloaded forms explicitly.

[zachmargolis]

yeah if I was writing this I'd probably collapse the "raw" server types into a singular one, and use the union type for the one passed around in TS code

[aduth]

Hm, I think I may have initially misunderstood the suggestion. But after digging in, both interpretations lead me to think that maybe it's worth keeping as-is:

• If the idea is to remove SessionStatusResponse as a union of SessionLiveStatusResponse | SessionTimedOutStatusResponse, while keeping the latter types, this makes sense for the overloaded method signature, but makes the request generic parameter below a little less expressive.
• If the idea is to flatten SessionStatusResponse as the interface and update property types to reflect all forms (live: boolean; timeout: string | null), this makes TypeScript unable to do type narrowing in the logic of the mapping function, specifically on calling the Date constructor with a possibly-null timeout (screenshot).

As a compromise, I'd suggest keeping the union type for the request calls, and updating the overloaded signature to re-reference the individual response types, to reflect the overloaded forms. See 0b0efb5.

[zachmargolis]

yeah I had intended the "flatten SessionStatusResponse as the interface and update property types to reflect all forms" approach, but the screenshot makes a good case for keeping. Thanks for trying!