Identity seems flaky (I'm often partially logged-out)

From what I can tell, the Identity JS library and the server-side Identity logic often do not agree on whether I’m logged in or not.

I don’t have a 100% lead on the issue (and I am a developer, so I’m used to looking for these things). The symptoms I’m seeing are:

  • The JS library often thinks I’m logged in (renders the “log out” message), but the page content that is served suggests the server doesn’t agree. (I’m bounced via redirect to the login page.)
  • Logging out and logging sometimes, but not always, helps the situation.
  • Deploying a new version of the site often seems to induce this situation.

Is this a known issue? Is there anything I can do to help understand this situation?

hi there, @scouten :wave:

Thanks for reaching out. It looks like this thread has been quiet since you last wrote in-- thanks for your patience.

I haven’t seen any other reports of this, so I appreciate you bringing this up. Has this occurred again since you last wrote in? Does this happen on every machine / browser you use?

@scouten ,

Sorry for the hold-up. In short, the only thing I can think of is the one hour expiration on JWTs. You’ll want to check out this lengthy discussion for more!

2 Likes

Thank you, that discussion did help immensely.

My situation is slightly different than the OP in that thread I’m not trying to protect a JS application, but rather purely static content, so I do really need to rely on RBAC to protect the underlying content.

There’s a very minimal layer of JS in my content and the critical piece that I learned from that thread (and had missed from other documentation) was that I need to have the browser refresh the token periodically. I’ve added this to my SSG template and it seems to be helping:

  <script>
    window.netlifyIdentity.on('login', (user) => {
      window.netlifyIdentity.refresh(true).then(() => {
        console.log(user);
      });
    });

    window.netlifyIdentity.on('logout', (user) => {
      window.location.href = '/login';
    });

    window.netlifyIdentity.init({ container: '#netlify' });
  </script>

(Cross fingers; it’s still early days …)

Nice! I wonder if this could be ran as part of a Netlify Function too, for the handful of folk that disable Javascript… unless, of course, Javascript is fundamental to the site rendering anyway!

No, JS isn’t fundamental, but this is a low-traffic family site and I’m pretty sure everybody involved allows JavaScript.

With the patch I described above, it mostly works on both Windows and Mac desktop browsers. On my iPad and iPhone I have sometimes seen the logout/login loop as described in this thread.

Argh. And now I’m seeing the login/logout loop on my Mac browsers (both Safari and Chrome) as well. Can’t figure out how to clear enough data to start over. Even on a fresh login, I get the loop.

What should I be looking for?

I’m technically-savvy enough to try some things, but the family members for whom my site is being built are not. I’ll lose them if this happens on the regular.

This has to be more reliable.

If it helps, I can create a clone of this site without the actual content I’m trying to guard and share login info with Netlify staff.

Hi there, @scouten :wave:

It looks like this thread has been a bit quiet the past few days. Are you still experiencing issues? If so, please let me know and I will loop in a member of the team. Thanks!

Still having problems. Will update this thread with an example site I am building shortly.

OK. I have the sense that I’m descending deeper into a challenging rathole. I hope y’all are still with me.

The example site I’ve built out is here: https://netlifyloginexample.com

Backing GitHub repo: GitHub - scouten/netlifyloginexample.com: Sample site to demonstrate problems with Netlify Identity Widget

Settings on the identity page:

I don’t see any signs that these settings are being applied. Neither the subject nor the templates requested are being applied to password recovery or new-user invitations that I’ve sent since they were added.

So I’m kind of at a loss of how to connect the dots and make this system work.

The problems cited here are preventing me from demo’ing the problems I’m having on my other site. (Recursive bugs are fun, no? I’m a developer, so I totally get this.)

Ah, okay! Well, I can see that the templates aren’t working (because browsing to them should work). Unfortunately, they’re gated. Perhaps you’ll want to add them to a path on the site which isn’t gated, and then add a redirect rule mapping the content (an anti regex of sorts):

/assets/* /assets/* 200!
[your other redirect rules]

You can just create rules for each of the files, but it’s easier (and cleaner) to have an un-gated path, IMO.

2 Likes

Looks like that exact syntax didn’t work (resulted in items in the /assets/* path getting 404s), but a close variant of it did:

/assets/* 200!

IOW, removing the second instance of the path made it work as I think you had intended.

OK, so I seem to be past the custom-message problems that were masking my underlying problem.

I noticed, on a separate (private) site that mirrors the setup of netlifyloginexample.com, that I got into the login / logout loop again this evening. When I went to the identity audit log after that happened, I saw the following:

This continued rapid-fire until I manually stopped the browser from this loop.

What can I do to prevent this? (Ideally, as a system-admin, because my end-users are not going to comprehend much for detailed instructions.)

Interesting! Wouldn’t have expected that redirect to work but, hey ho, glad that it has!

As for the token… were you dabbling around in different tabs/windows? This springs to mind, if that’s the case.

1 Like