401 Unauthorized" error: the session is lost just before the Session Warning modal appears.#8874
Merged
Conversation
…y and introduce safe storage access methods. Enhance session renewal logic and improve error handling for BroadcastChannel creation. This ensures more robust session management and clearer code structure.
Contributor
|
QA server K8S was successfully deployed https://ci-e8ff4ec9ab.engk8s.processmaker.net |
…ser clicks "STAY CONNECTED". This ensures the UI/state remains in sync without blocking the leader worker start. Improved error handling for the reload process.
Contributor
|
QA server K8S was successfully deployed https://ci-e8ff4ec9ab.engk8s.processmaker.net |
…on expiration and refresh Passport API cookie. Enhance error handling for session unavailability and return CSRF token in response.
This commit introduces a new file, csrfToken.js, which contains functions to manage CSRF tokens in the application. It includes methods to read the current CSRF token, apply it to axios requests, and attach a request interceptor to ensure the latest token is used for every request. This enhances security and ensures proper handling of CSRF tokens in client-side requests.
… applies it to future requests, ensuring improved security and synchronization of session state. Emit an event when the token is updated for better state management.
This commit reorganizes the CSRF token handling by importing utility functions for applying the CSRF token and attaching the request interceptor. It ensures that the CSRF token is consistently applied to axios requests across the application, enhancing security and session management. The code structure is improved by removing redundant lines and consolidating CSRF-related logic.
Contributor
|
QA server K8S was successfully deployed https://ci-e8ff4ec9ab.engk8s.processmaker.net |
henryjonathanquispe
approved these changes
Jun 23, 2026
Contributor
|
QA server K8S was successfully deployed https://ci-e8ff4ec9ab.engk8s.processmaker.net |
This commit introduces a session renewal interceptor that ensures the Laravel session and CSRF token are refreshed before API requests when the session is close to expiring. It also refactors the CSRF token management in `csrfToken.js` to utilize `globalThis` for better compatibility and adds debugging logs for session renewal processes. The changes improve session management and security across the application.
Contributor
|
QA server K8S was successfully deployed https://ci-e8ff4ec9ab.engk8s.processmaker.net |
…nd improving threshold calculations
… enhancing accessibility and styling. Implement body scroll locking and focus management for improved user experience during session interactions.
Contributor
|
QA server K8S was successfully deployed https://ci-e8ff4ec9ab.engk8s.processmaker.net |
… improved session synchronization accuracy
|
Contributor
|
QA server K8S was successfully deployed https://ci-e8ff4ec9ab.engk8s.processmaker.net |
eiresendez
approved these changes
Jun 26, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Ticket FOUR-31932
Update timeout-related variables to use Number for better type safely and introduce safe storage access methods. Enhance session renewal logic and improve error handling for BroadcastChannel creation. This ensures more robust session management and clearer code structure.
The code to extend the session and refresh the token held by the UI was also added.
Implement session renewal interceptor and enhance CSRF token management
This commit introduces a session renewal interceptor that ensures the Laravel session and CSRF token are refreshed before API requests when the session is close to expiring. It also refactors the CSRF token management in
csrfToken.jsto utilizeglobalThisfor better compatibility and adds debugging logs for session renewal processes. The changes improve session management and security across the application.ci:deploy