How to handle Session Expiry in ServiceWorker

# Richard Maher (2 days ago)

If a Fetch in my ServiceWorker receives a 401 from the server how do I re-authenticate with the server if I have no focused or foregrounded client?

NB: I'm talking about POST requests updating the server and not just reading from cache until the network is back.

Bring the client back into focus? Scary for user with no action causing that reaction and they may not be there to login again anyway.

What does Background-Synch do if it gets a 401?

If navigator.credentials was surfaced in a ServiceWorker that would be enough!

Sessions that never expire?

What are other people doing?

Yet again I'm banned from W3C/IETF Github :-(

If someone could add the following to ServiceWorker issues w3c/ServiceWorker/issues/new that would help: - Please

see Use-Case stackoverflow.com/questions/47320790/how-to-handle-session-expiry-in-serviceworker

If a User Session has expired a ServiceWorker currently has no mechanisms available to re-authenticate with the server as there is no heuristic mechanism available for determining credentials.

If the credentials.get() was available then re-authentication could take place transparently. If federated (say Google) then if the user had logged out then that state would be honoured.

Contact us to advertise here
# Richard Maher (2 hours ago)

It seems there has been discussion on this before. Please see GitHub w3c/ServiceWorker#1231

I think that background re-authenticating should be infrequent enough that a notification of the sign-in or failure is an appropriate and user-friendly solution.

Please comment over there if you have any ideas!

Want more features?

Request early access to our private beta of readable email premium.