Handling subscribe attempt to private channel when session expired
See original GitHub issueDo you want to request a feature or report a bug? Potentially a bug
What is the current behavior? No pusher message/event when our server returns a 401 Unauthorized HTTP response to the PusherJS library after an attempt to subscribe to a private channel.
We want to disconnect the socket connection on the client when the server auth step (step 6 in the diagram) returns a 401 HTTP status response. Unfortunately I don’t seem to receive any events from PusherJS library when this happens.
I have tried the following to see what message is received when the PusherJS library receives a 401 on an auth attempt but none of them seem to be triggered:
pusher.connection.bind 'message', (msg) ->
# ...
pusher.connection.bind "error", (err) ->
#...
pusher.connection.bind "state_change", (states) ->
# ...
this.channel.bind_global((event, data) => {
If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem via https://jsfiddle.net or similar.
- User navigates to our app and uses it. This will establish a connection to Pusher
- User completes what they’re doing and walks away but leaves their browser and the page open
- The user’s session expires
- Our app may still be running and we have a background task that attempts to subscribe to a private channel
- The subscription attempt will result in our server returning a 401 HTTP response as session is expired
- We were hoping/expecting that Pusher would send a message that we can act on, or that the library may receive the 401 and disconnect the socket altogether.
What is the expected behavior? To receive an event so we can act on it and disconnect the socket. Either that or the Pusher library to do that for us.
Or perhaps we have configured something incorrectly.
Which versions of Pusher, and which browsers / OS are affected by this issue? Did this work in previous versions of Pusher? If so, which?
"pusher": "3.0.0",
"pusher-js": "5.0.3",
Firefox, Chrome (but do not believe it is a browser specific issue)
Issue Analytics
- State:
- Created 4 years ago
- Reactions:1
- Comments:8 (3 by maintainers)
Top GitHub Comments
That’s an interesting theory, @tomfotherby. It’s not immediately clear what could be happening, but I’ll try and look into this issue soon.
I think we have the same problem. This shows
401
’s in our web app, which started flooding in since 10/Sep/19:(ℹ️ Chrome v77 was released 10/Sep/19 (source))
My theory is that when our UK users started work that day, their Google Chrome auto-upgraded to v77, and there is something related to pusher-js and Chrome v77+ that is causing many more
401
’s for us. We reproduced it by logging into our website and opening multiple tabs, then we Log out in one tab, the other tabs will hit our API to request a new pusher token for a private channel every 30 secs, but we return a 401 due to the expired session. This doesn’t happen on Mac or Linux, it seems to happen only for Windows Users. We upgraded ourpusher-js
npm module from4.2.1
to5.0.3
- it didn’t help.