Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Handling subscribe attempt to private channel when session expired

See original GitHub issue

Do you want to request a feature or report a bug? Potentially a bug

What is the current behavior? No pusher message/event when our server returns a 401 Unauthorized HTTP response to the PusherJS library after an attempt to subscribe to a private channel.

We want to disconnect the socket connection on the client when the server auth step (step 6 in the diagram) returns a 401 HTTP status response. Unfortunately I don’t seem to receive any events from PusherJS library when this happens.

I have tried the following to see what message is received when the PusherJS library receives a 401 on an auth attempt but none of them seem to be triggered:

pusher.connection.bind 'message', (msg) ->
# ... 

pusher.connection.bind "error", (err) ->
#...

pusher.connection.bind "state_change", (states) ->
# ...

this.channel.bind_global((event, data) => {

If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem via https://jsfiddle.net or similar.

User navigates to our app and uses it. This will establish a connection to Pusher
User completes what they’re doing and walks away but leaves their browser and the page open
The user’s session expires
Our app may still be running and we have a background task that attempts to subscribe to a private channel
The subscription attempt will result in our server returning a 401 HTTP response as session is expired
We were hoping/expecting that Pusher would send a message that we can act on, or that the library may receive the 401 and disconnect the socket altogether.

What is the expected behavior? To receive an event so we can act on it and disconnect the socket. Either that or the Pusher library to do that for us.

Or perhaps we have configured something incorrectly.

Which versions of Pusher, and which browsers / OS are affected by this issue? Did this work in previous versions of Pusher? If so, which?

"pusher": "3.0.0",
"pusher-js": "5.0.3",

Firefox, Chrome (but do not believe it is a browser specific issue)

Issue Analytics

State:
Created 4 years ago
Reactions:1
Comments:8 (3 by maintainers)

Top GitHub Comments

2reactions

leesiocommented, Dec 12, 2019

That’s an interesting theory, @tomfotherby. It’s not immediately clear what could be happening, but I’ll try and look into this issue soon.

1reaction

tomfotherbycommented, Dec 12, 2019

I think we have the same problem. This shows 401’s in our web app, which started flooding in since 10/Sep/19:

Selection_232 (ℹ️ Chrome v77 was released 10/Sep/19 (source))

My theory is that when our UK users started work that day, their Google Chrome auto-upgraded to v77, and there is something related to pusher-js and Chrome v77+ that is causing many more 401’s for us. We reproduced it by logging into our website and opening multiple tabs, then we Log out in one tab, the other tabs will hit our API to request a new pusher token for a private channel every 30 secs, but we return a 401 due to the expired session. This doesn’t happen on Mac or Linux, it seems to happen only for Windows Users. We upgraded our pusher-js npm module from 4.2.1 to 5.0.3 - it didn’t help.