YALA-BUG: Token Expires Unexpectedly Resulting In Data Loss

[kerryboyko]

TYPE: BUG
PRIORITY: 2 (Blocks release, but not development)

Title: Token Expires Unexpectedly Resulting in Data Loss

Description: Oftentimes, the user will be considered logged in on the client even after their JWT token has expired. If they've just written a long post or comment and try to submit, they'll be redirected back to the login screen to re-log in, losing all of the data they just used.

This may be because the original coder (Kerry) didn't set up refreshing correctly, or that there needs to be some alternative method for refreshing tokens.

Steps to reproduce:

• Create a user
• Login
• Create a new community, post, or comment, but do not submit it.
• Wait an hour for the token to expire
• Submit.

Expected results: Either the token automatically refreshes in the background without the user having to do anything, or five minutes before token expiration, a notice is given to the user as a dialog and a timer. If they click yes, refresh the token. If they click no, or the timer runs out, log them out, destroying the session on the client, and send them to the home page.

Actual results: The user does not realise the JWT is invalid until after they try to do something and are booted to the Login page.