Hi community,
I need to check server-side
Is there something I've overlooked or is there some hack to do it?
I've solved it in a different (server-only) way. Now my Payload server is somewhat aware of a user being active or inactive. If someone wants to know about it, feel free to ask.
Oh! I'm happy that nobody has made the effort to respond to my question as the solution is somehow obvious...
Voilà
Smart thinking @unonweb! Thanks for commenting with your solution for others to find.
Is this already working for you?
I could be wrong here, but I don't think `afterLogout` will be called unless a user takes the action. How many users click logout before closing the browser tab? You may need to have some additional window events that make the logout call for them. If this is needed in your admin UI you could add this in a custom provider.
> I don't think `afterLogout` will be called unless a user takes the action.
Damn, you're right. Well my idea now is to make the server aware of the expiry time of the user's session and call the logout functions at the same time when the user is automatically logged out. For my purpose it's important that the user sessions don't last longer than necessary (contrary to this discussion). So therefore I've set `tokenExpiration` to a small amount and make regular use of the refresh operation in order to keep the user logged in as long as he/she is active.
But sadly the following code throws "Forbidden: You are not allowed to perform this action."
According to my understanding it's like:
```javascript
// Ask Payload for a fresh JWT for the currently logged-in user.
async function refreshToken(origin = 'http://localhost:3000', colSlug = 'users') {
  const res = await fetch(`${origin}/api/${colSlug}/refresh-token`, {
    method: 'POST',
    credentials: 'include', // send the existing auth cookie with the request
    headers: {
      'Content-Type': 'application/json',
    },
  })
  const json = await res.json();
  console.log(json)
}
```
Of course I need to make sure that this is called on the client.
I had it referenced in some `afterRead` hooks in order to keep a user session active while they're navigating around.
But then it was called only on the server.
I don't understand why the Payload Admin Panel itself apparently doesn't make use of the `refresh-token` endpoint.
It seems like a user's JWT on the Admin Panel simply expires without regarding their activity.
Is that possible? If I set a short `tokenExpiration` in my users collection my JWT expires even if I'm using the admin panel.
If it's my responsibility to implement `refresh-token` calls - how am I supposed to do it?
`afterRead` hooks) I see that there's no Local API 'refresh' operation to resend the JWT.
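As an added example (not part of the thread and not Payload's own code), here is one way to combine a short `tokenExpiration` with refresh calls that only happen while the user is active in the browser. The names `createSessionKeeper` and `refreshViaPayload` and the 300-second lifetime are assumptions; the endpoint is the one from the snippet posted above.

```javascript
// Added example; helper names and the 300 s lifetime are assumptions.
// Refresh a short-lived JWT only while the user is active.
function createSessionKeeper({ refresh, tokenLifetimeSec, now = () => Date.now() }) {
  let issuedAt = now(); // assume the token was issued when the keeper starts
  let inFlight = null;  // shared promise so concurrent events trigger one request

  // Call on user activity. Resolves to 'fresh' | 'refreshed' | 'failed' | 'expired'.
  async function onActivity() {
    const ageSec = (now() - issuedAt) / 1000;
    if (ageSec >= tokenLifetimeSec) return 'expired'; // idle too long: log in again
    if (ageSec < tokenLifetimeSec / 2) return 'fresh'; // throttle: token still young
    if (!inFlight) {
      inFlight = refresh()
        .then((ok) => {
          if (ok) issuedAt = now();
          return ok ? 'refreshed' : 'failed';
        })
        .catch(() => 'failed') // network error: keep the old expiry
        .finally(() => { inFlight = null; });
    }
    return inFlight;
  }
  return { onActivity };
}

// Browser-side call to the refresh-token endpoint used in the thread.
async function refreshViaPayload(origin = 'http://localhost:3000', colSlug = 'users') {
  const res = await fetch(`${origin}/api/${colSlug}/refresh-token`, {
    method: 'POST',
    credentials: 'include', // the auth cookie must accompany the request
  });
  return res.ok; // false on e.g. 403 Forbidden
}

// Wire up only in a browser; tokenLifetimeSec should match tokenExpiration.
if (typeof window !== 'undefined') {
  const keeper = createSessionKeeper({ refresh: refreshViaPayload, tokenLifetimeSec: 300 });
  for (const evt of ['click', 'keydown', 'pointermove']) {
    window.addEventListener(evt, () => keeper.onActivity(), { passive: true });
  }
}
```

An idle user's token is never refreshed, so the session ends at `tokenExpiration` without depending on anyone clicking logout.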