this post was submitted on 12 Apr 2024
3 points (100.0% liked)


reply with features and bug fixes you'd like to see in Philthy, the lemmy fork that runs on this instance. no guarantees I'll get to any of them soon, but particularly low-hanging fruit and well-liked features can be prioritized.

top 3 comments
[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (1 children)

Fix the bug that you get logged out when refreshing the page sometimes -- I've noticed this on both Firefox and Safari. The token still exists (at least it's present in document.cookie as jwt), but for some reason it doesn't get sent anymore, so Lemmy thinks you've been logged out.

I've actually looked into this already, but didn't get very far, especially because it doesn't even happen all the time.

Honestly, just storing it in localStorage instead of as a cookie might work ...

[–] [email protected] 1 points 6 months ago (1 children)

oh yeah, this is a bad one. the localStorage idea is a good call.

[–] [email protected] 1 points 3 months ago

@self @mii I think storing session tokens in localStorage is considered unsafe because localStorage is more open to XSS attacks. The bigger concern, though, is using JWT for session management at all, which is widely considered a bad idea. Here's one (of many) articles that go into that topic: https://dzone.com/articles/stop-using-jwts-as-session-tokens