Fix Not Signed In errors when multiple tabs are open
By default gwtjsonrpc is caching the XSRF token in a JavaScript global
variable, which means the token is per-browser tab. The server however
requires that the XSRF token presented in the POST body match the cookie
that is also presented in the request headers.
If the session expires and the user signs in again using an open tab,
that new tab would get refreshed with the new XSRF token, but all of
the other tabs would not be refreshed. Using an older tab would also
trigger the Not Signed In error, and a new sign-in attempt from an old
tab would again change the cookie, breaking all other tabs.
Instead of obtaining the XSRF token from the JavaScript global state,
always get it from the browser cookie. This ensures we always start
a request with the current cookie value, even if another tab is what
reinitialized the session.
Bug: issue 286
Change-Id: Ic94ae6bb61325a7b01e12b43e844ceabc5c817b1
Signed-off-by: Shawn O. Pearce <sop@google.com>
3 files changed
