Spontaneous log out from app (presumably because of batch requests)

[astr0gator]

Sometimes I'm facing an issue of spontaneous log out from app (approximately several times a day, but it depends on intensity of usage). I examined logs but everything seems to be ok (e.g. token is present, method is working, request is very typical etc.). On a first glance it doesn't depend on anything in particular, just usual get requests. I tried to find an answer on StackOverflow and here but without luck.

In initializers/devise_token_auth.rb I have config.token_lifespan = 4.weeks and config.batch_request_buffer_throttle = 5.seconds.

Backend is on Heroku. Devise_token_auth v0.1.33. Rails 4.2.0.

I understand, that it's a bit vague. I would be happy to provide more information, just need some directions.

Would appreciate any ideas.

[finayev]

I was just having the same problem for couple of days and i found out that when a batch request was processed, my client application was extracting an access token, even though it wasn't supposed to be set in SetUserByToken concern. I'm still not sure if this is an issue with my client's app http library (using Alamofire) - some header caching or something - or if this is an issue with this library, but i was able to fix this for myself by overriding the SetUserByToken concern and specifically setting access token to constant value (such that my client app knows this means token is unchanged from previous request). Below is how it looks

def update_auth_header

    # cannot save object if model has invalid params
    return unless @resource and @resource.valid? and @client_id

    # Lock the user record during any auth_header updates to ensure
    # we don't have write contention from multiple threads
    @resource.with_lock do

      # determine batch request status after request processing, in case
      # another processes has updated it during that processing
      @is_batch_request = is_batch_request?(@resource, @client_id)

      auth_header = {}

      if not DeviseTokenAuth.change_headers_on_each_request
        auth_header = @resource.build_auth_header(@token, @client_id)

        # update the response header
        response.headers.merge!(auth_header)

      # extend expiration of batch buffer to account for the duration of
      # this request
      elsif @is_batch_request
        auth_header = @resource.extend_batch_buffer(@token, @client_id)
        response.headers['Access-Token']='_BATCH_UNCHANGED_'

      # update Authorization response header with new token
      else
        auth_header = @resource.create_new_auth_token(@client_id)

        # update the response header
        response.headers.merge!(auth_header)
      end

    end # end lock

  end

Hope it helps you too.

[astr0gator]

@finayev, thank you. Could you please share your initializer with patch?

[astr0gator]

It looks like we are not alone with this issue:
#51
#403

@lynndylanhurley I'm not closing this issue but feel free to close it if you see that it's the same problem.

[zachfeldman]

Hi there @fertingoff ,

In an effort to cleanup this project and prioritize a bit, we're marking issues that haven't had any activity in a while with a "close-in-7-days" label. If we don't hear from you in about a week, we'll be closing this issue. Obviously feel free to re-open it at any time if it's the right time or this was done in error!

If you are still having the issue (especially if it's a bug report) please refer to our new Issue Template to provide some more details to help us solve it.

Hope all is well.