Summary
After being away from the app for a while (long enough for the JWT to expire), revisiting /index.html directly shows the UI logged in as a previously cached user, but with no warranty data. Logging out or pressing F5 restores normal behavior — the login screen appears and works as expected.
Steps to reproduce
- Log in normally, then close the browser tab (do not log out)
- Wait long enough for the JWT to expire (or manually clear server-side session)
- Reopen the app at
/index.html
Expected: Redirect to /login.html.
Actual: Header renders the cached username, warranty list is empty (every API call returns 401). Manual logout or F5 then redirects to login correctly.
Root cause analysis
This appears to be an interaction between three components:
1. sw.js uses stale-while-revalidate for HTML/JS
return cachedResponse || fetchPromise;
Cached index.html and JS render instantly on revisit.
2. auth-redirect.js checks token presence, not validity
const isAuthenticated = !!localStorage.getItem('auth_token');
if (isProtected && !isAuthenticated) { window.location.href = 'login.html'; }An expired JWT is still a non-empty string in localStorage, so the redirect to login.html never fires.
3. auth-new.js renders cached user_info synchronously, validates async
if (authToken && userInfo) {
currentUser = JSON.parse(userInfo);
updateUIForAuthenticatedUser(); // stale name shown immediately
validateToken(); // fires async, eventually 401 → clearAuthData
}During the gap, the UI shows the stale cached username while script.js issues warranty fetches with the expired token → all 401 → empty list.
Suggested fix directions
auth-redirect.js could decode the JWT and check exp before treating the token as valid- Or: await
validateToken() before rendering authenticated UI
- Or: switch SW strategy for
index.html to network-first
Environment
- Image:
ghcr.io/sassanix/warracker/main:latest (release 1.0.2)
- Deployed via Docker Compose on Synology NAS
Question
I noticed commit 0e46c81 on main rewrites frontend state management — does that already address this, by chance? And is there a rough timeline for the next release (1.0.3 / 1.1)?
Thanks for the great project!
Summary
After being away from the app for a while (long enough for the JWT to expire), revisiting
/index.htmldirectly shows the UI logged in as a previously cached user, but with no warranty data. Logging out or pressing F5 restores normal behavior — the login screen appears and works as expected.Steps to reproduce
/index.htmlExpected: Redirect to
/login.html.Actual: Header renders the cached username, warranty list is empty (every API call returns 401). Manual logout or F5 then redirects to login correctly.
Root cause analysis
This appears to be an interaction between three components:
1.
sw.jsuses stale-while-revalidate for HTML/JSCached
index.htmland JS render instantly on revisit.2.
auth-redirect.jschecks token presence, not validityAn expired JWT is still a non-empty string in localStorage, so the redirect to
login.htmlnever fires.3.
auth-new.jsrenders cacheduser_infosynchronously, validates asyncDuring the gap, the UI shows the stale cached username while
script.jsissues warranty fetches with the expired token → all 401 → empty list.Suggested fix directions
auth-redirect.jscould decode the JWT and checkexpbefore treating the token as validvalidateToken()before rendering authenticated UIindex.htmlto network-firstEnvironment
ghcr.io/sassanix/warracker/main:latest(release 1.0.2)Question
I noticed commit
0e46c81onmainrewrites frontend state management — does that already address this, by chance? And is there a rough timeline for the next release (1.0.3 / 1.1)?Thanks for the great project!