This repository was archived by the owner on May 10, 2019. It is now read-only.

Auto logout #4235

@haani104


Hi,

I have been using Persona for quite a while now for my company's website. However, recently I have started facing an issue where the logged-in user gets immediately logged out.

Below is my implementation.

login.jade
script(type='text/javascript', src='https://persona.mycompanydomain.com/production/include.js')

login.js

navigator.id.watch({
    loggedInUser: currentUser,
    onlogin: function (assertion) {
        $scope.loginProgress = true;
        merchantOnboardService.loginUser(assertion) // Calls my API at backend (Node.js)
            .success(function (res) {
                // redirects to One Time Password Screen (OTP)
            })
            .error(function (err) {
                navigator.id.logout();
            });
    },
    onlogout: function () {
        merchantOnboardService.logoutUser()
            .success(function (res) {
            })
            .error(function (err) {
            });
    }
});

After verifying the assertion on the server, I render an OTP screen (I display this screen for 90 seconds as the assertion expires in 120 seconds, so I call navigator.id.logout() in case the 90 seconds are over).

OTP.jade
script(type='text/javascript', src='https://persona.mycompanydomain.com/production/include.js')

OTP.js

navigator.id.watch({
    loggedInUser: email || null,
    onlogin: function () { },//no code here
    onlogout: function () {
        $.ajax({
            url: '/logout',//my backend route
            success: function () {
                window.location = '/login';
            },
            error: function (xhr, status, err) {
                window.location.reload();
                alert('Logout failure: ' + err);
            }
        });
    }
});

Once the OTP is verified, I render the home application to the user.

index.jade
script(type='text/javascript', src='https://persona.mycompanydomain.com/production/include.js')

index.js

navigator.id.watch({
    loggedInUser: currentUser,
    onlogin: function () {

    },
    onlogout: function () {
        console.log('onlogout called');
        $.ajax({
            url: '/logout',
            // This is a URL on your website.
            success: function () {
                window.location = '/login';
            },
            error: function (xhr, status, err) {
                window.location.reload();
                alert('Logout failure: ' + err);
            }
        });
    }
});

So the user is logged in and starts working on the panel, but suddenly after 1-2 minutes the panel gets logged out. Upon debugging in the console I found that the API below gets called from my index.html page after a minute or so (curl call below), after which the onlogout callback gets called.

curl 'https://persona.mycompanydomain.com/wsapi/list_emails' -H 'Cookie: browserid_state_390030=y_RjoiFp3t3YBEbPAyukgg.jn7pqMccJqd1gRdQYciPKNkCjUtwPyndbakdHlPuU7m2ReZihZRrsYOIQMt0JUZI5Sa1Jj5SicXAS0HSe241-k_YVnzJ0TPdsNIxkzU4iUJPp8O1bWdCVFJENYKyMPSOpWBJxT_trQqYnMzAbzCFeKqNNAbvmzrHUIzSRzsiTYfuAAQFj6WWj1_sHAoHXrqR.1472527936303.2419200000.YWN9s_xi3Cv5bIszoBeJlAiemVHli-jeLd0Gn7i6xuA; can_set_cookies=1; ff.sid=s%3AIy5P3abfktTDo45uvP0S3ri5IHDQ7uOY.YXnGFGDfTetwZWpDLITiY8gDLpWTXoI21YU%2FVH4mSVY' -H 'Accept-Encoding: gzip, deflate, sdch, br' -H 'Accept-Language: en-US,en;q=0.8' -H 'BrowserID-git-sha: bca03be' -H 'User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36' -H 'Content-type: application/x-www-form-urlencoded' -H 'Accept: application/json;text/plain' -H 'Referer: https://persona.mycompanydomain.com/communication_iframe' -H 'X-Requested-With: XMLHttpRequest' -H 'Connection: keep-alive' --compressed

The response code is 200 but I see no data in it.

This logout issue started occurring when I introduced an OTP layer between the login and home page. If I disable the OTP for a user (i.e. no OTP screen, direct redirection to the home page), the application works fine. Also, this issue affects only 10% of my users and not all.

I am not sure what I might be doing wrong here so any clue or guidance will be beneficial. Thanks in advance.
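
One way to keep the server's view of the login, OTP and home steps described above in a single place, so that every page renders its `loggedInUser` value from the same session state and the home page is refused until the OTP step has succeeded. This is an added example, not code from the post or from the Persona project; every function and state name is hypothetical, and only the 90-second window is taken from the post.

```javascript
// Added example: server-side session states for the login -> OTP -> home flow.
// All names are hypothetical; only the 90 s OTP window comes from the post.
const OTP_WINDOW_MS = 90 * 1000;
const State = Object.freeze({ ANON: 'anon', AWAITING_OTP: 'awaiting_otp', AUTHED: 'authed' });

function newSession() {
  return { state: State.ANON, email: null, otpDeadline: 0 };
}

// Call only after the Persona assertion has been verified on the server.
function beginOtp(session, verifiedEmail, now) {
  session.state = State.AWAITING_OTP;
  session.email = verifiedEmail;
  session.otpDeadline = now + OTP_WINDOW_MS;
}

// Compare without an early exit so timing does not reveal matching prefixes.
function sameCode(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  return diff === 0;
}

// A late or wrong attempt drops the session back to anonymous (a policy choice).
function completeOtp(session, submitted, expected, now) {
  if (session.state !== State.AWAITING_OTP) return false;
  if (now > session.otpDeadline || !expected || !sameCode(String(submitted), expected)) {
    Object.assign(session, newSession());
    return false;
  }
  session.state = State.AUTHED;
  return true;
}

// Value each page template would pass as loggedInUser to navigator.id.watch().
function loggedInUserFor(session, now) {
  if (session.state === State.AWAITING_OTP && now > session.otpDeadline) {
    Object.assign(session, newSession()); // OTP window lapsed without an attempt
  }
  return session.state === State.ANON ? null : session.email;
}

// Gate for the home page route: a verified assertion alone is not enough.
function mayViewHome(session) {
  return session.state === State.AUTHED;
}
```
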
