Skip to content

Client does not implement refresh token handling, causing unnecessary logouts #3101

New issue
New issue
Open
Open
Client does not implement refresh token handling, causing unnecessary logouts#3101
@djclarkson

Description

@djclarkson
djclarkson
opened on Jan 7, 2026

Description

The server correctly implements refresh token support (issues refresh tokens on login, has /auth/refresh endpoint), but the client never uses refresh tokens. This causes users to be logged out after the access token expires (default 2 hours) even though their refresh token is still valid (default 7 days).

Current Behavior

  1. User logs in - server returns token and refreshToken
  2. Client stores only token, ignores refreshToken
  3. After 2 hours, access token expires
  4. Client receives 401, immediately clears auth and redirects to login
  5. User must log in again

Expected Behavior

  1. User logs in - server returns token and refreshToken
  2. Client stores both tokens
  3. After 2 hours, access token expires
  4. Server returns 403 "Request new access token"
  5. Client calls POST /auth/refresh with refresh token
  6. Client receives new access token, retries original request
  7. User session continues seamlessly for 7 days

Affected Files

  • client/src/Features/Auth/authSlice.js - Only stores token, not refreshToken
  • client/src/Utils/NetworkService.js - Never sends x-refresh-token header, no refresh logic on 401/403

Proposed Fix

I have a working fix and will open a PR.

Changes:

  • Store refreshToken in Redux state on login/register
  • Send x-refresh-token header with all requests
  • On 403 response, call /auth/refresh to get new token
  • Retry failed requests with new token
  • Queue concurrent requests during refresh to prevent race conditions

Environment

  • Server version: latest (docker image bluewaveuptime/uptime_server:latest)
  • Client version: latest (docker image bluewaveuptime/uptime_client:latest)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions