In our Rails application, users are usually encouraged to open multiple browser tabs within hours or days. The problem occurs when on one of these tabs the user logs out, then returns to the system (or the session expires and a new session is created).
This causes CSRF authentication tokens on all other tabs to become invalid. If they try to submit some form or make any Ajax request on these tabs without updating, they will receive an error message (and actually be logged out, because this is the default Rails behavior when an odd authentication token is passed).
This behavior is clearly undesirable. I was wondering what people are doing to gracefully handle situations where the user has a window open for your site, but the authenticity token has expired.
What I do not want to do is just redirect them to the login page, because then they can lose their job if, for example, they write a long blog post or something like that.
The solution that comes to mind is to have some JavaScript that either polls the server to check if the authentication token has changed or polls the user's cookies to check if the session has changed. I have never heard of anyone doing either of these, so I wanted to see what the community was thinking.
Jacob
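The server-polling idea from the question, as an added example that is not part of the original post: the tab asks the server for the current token, rewrites it into the page when the same user is still logged in, and asks for re-authentication in place otherwise, so the form contents are kept. The `/csrf_token` endpoint, its JSON shape, the `current-user-id` meta tag and the `csrf:reauth` event are assumptions made for illustration; the `csrf-token` meta tag and `authenticity_token` field are Rails' own.

```javascript
// Added example, not code from the original post.
// Assumptions: GET /csrf_token (hypothetical, same-origin, no CORS headers)
// returns {"token": "...", "user_id": 7} for the current session, and the page
// carries <meta name="current-user-id"> (hypothetical) next to Rails' csrf-token meta.

// Decide what a stale tab should do with the server's answer.
function reconcile(tab, server) {
  if (!server || !server.token) return { action: "reauth" };   // no session any more
  if (String(server.user_id) !== String(tab.userId)) {
    return { action: "reauth" };   // another account logged in: never resubmit as them
  }
  // Rails masks the token per response, so equality is rare; rewriting is harmless.
  if (server.token === tab.token) return { action: "none" };
  return { action: "update", token: server.token };
}

// Write the token where Rails forms and Ajax helpers read it.
function applyToken(doc, token) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  if (meta) meta.setAttribute("content", token);
  for (const input of doc.querySelectorAll('input[name="authenticity_token"]')) {
    input.value = token;
  }
}

async function syncCsrfToken(doc, tab, fetchJson, onReauth) {
  const result = reconcile(tab, await fetchJson("/csrf_token"));
  if (result.action === "update") {
    applyToken(doc, result.token);
    tab.token = result.token;
  } else if (result.action === "reauth") {
    onReauth();   // e.g. in-page login prompt; the form's contents stay in the DOM
  }
  return result.action;
}

// Browser wiring: check on a timer and whenever the tab becomes visible again.
if (typeof document !== "undefined") {
  const read = (n) => document.querySelector(`meta[name="${n}"]`)?.content ?? null;
  const tab = { token: read("csrf-token"), userId: read("current-user-id") };
  const fetchJson = (url) =>
    fetch(url, { credentials: "same-origin", headers: { Accept: "application/json" } })
      .then((r) => (r.ok ? r.json() : null));
  const check = () =>
    syncCsrfToken(document, tab, fetchJson, () =>
      document.dispatchEvent(new CustomEvent("csrf:reauth"))).catch(() => {});
  setInterval(check, 60000);
  document.addEventListener("visibilitychange", () => document.hidden || check());
}
```

The user-id comparison is the part that matters for safety: if a different account has logged in on another tab, silently refreshing the token would submit the old tab's form under that account.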