
[whatwg] How to handle Session Expiry in ServiceWorker

From: Richard Maher <maherrj@googlemail.com>
Date: Tue, 21 Nov 2017 08:20:38 +0800
Message-ID: <CABvL1xrTMLm5CTp1X7LLBrJCV1F+ckJt9FwhseNrjzaisLOqvg@mail.gmail.com>
To: WHAT Working Group <whatwg@whatwg.org>

If a Fetch in my ServiceWorker receives a 401 from the server how do I
re-authenticate with the server if I have no focused or foregrounded client?

NB: I'm talking about POST requests updating the server and not just
reading from cache until the network is back.

Bring the client back into focus? Scary for user with no action causing
that reaction and they may not be there to login again anyway.

What does Background Sync do if it gets a 401?

If navigator.credentials was surfaced in a ServiceWorker that would be
enough!

Sessions that never expire?

What are other people doing?

Yet again I'm banned from W3C/IETF Github :-(

If someone could add the following to ServiceWorker issues
<https://github.com/w3c/ServiceWorker/issues/new> that would help: - Please
see Use-Case
<https://stackoverflow.com/questions/47320790/how-to-handle-session-expiry-in-serviceworker>

If a User Session has expired a ServiceWorker currently has no mechanisms
available to re-authenticate with the server as there is no heuristic
mechanism available for determining credentials.

If the credentials.get() was available then re-authentication could take
place transparently. If federated (say Google) then if the user had logged
out then that state would be honoured.
Received on Tuesday, 21 November 2017 00:21:08 UTC
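
One way a worker can cope with the 401 case raised in the message above, as an added example that is not part of the original post. It does not re-authenticate from the worker: it parks the POST and replays it when a page reports a new login. The function names and the `reauth-required` / `reauth-done` message types are assumptions.

```javascript
// Added example. handleWrite, replayPending and both message types are hypothetical names.
const pendingWrites = []; // in memory for brevity; a real worker would persist this

// Send a state-changing request. On 401, park a copy and tell open pages;
// the worker never forces a window into focus.
async function handleWrite(request, fetchFn, listClients) {
  const copy = request.clone(); // a request body can be read only once
  const response = await fetchFn(request);
  if (response.status !== 401) return { parked: false, response };
  pendingWrites.push(copy);
  const pages = await listClients();
  for (const page of pages) page.postMessage({ type: 'reauth-required' });
  return { parked: true, response, notified: pages.length };
}

// Replay parked writes in order once a page reports a fresh login.
async function replayPending(fetchFn) {
  const statuses = [];
  while (pendingWrites.length > 0) {
    const response = await fetchFn(pendingWrites[0].clone());
    if (response.status === 401) break; // still unauthenticated: keep the queue
    pendingWrites.shift();
    statuses.push(response.status);
  }
  return statuses;
}

// Wiring, active only inside a service worker.
if (typeof self !== 'undefined' && self.clients) {
  self.addEventListener('fetch', (event) => {
    if (event.request.method !== 'POST') return;
    const listPages = () => self.clients.matchAll({ type: 'window' });
    event.respondWith(
      handleWrite(event.request, fetch, listPages).then((r) => r.response));
  });
  self.addEventListener('message', (event) => {
    if (event.data && event.data.type === 'reauth-done') {
      event.waitUntil(replayPending(fetch));
    }
  });
}
```

If the queue is persisted, tag each entry with the account it was created under so that a different user signing in on the same browser does not replay it.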
