L3 - Default
With the storage as cookie and usage of the service accessToken with
OPT-6274 there can be a mismatch of it's lifetime and the auth cookie that represents the user session.
In the case that the X-Optimize-Service-Token expires before X-Optimize-Authorization some requests of Optimize that make use of the X-Optimize-Service-Token may fail with a HTTP status 401.
OPT-5998 this would result in a page reload to reinitialise the OAuth2 authentication flow (assuming a 401 means the user session expired) but given the case that the X-Optimize-Authorization cookie could still ne valid this results in an endless refresh loop.
- ensure the expiry of either the two cookies X-Optimize-Authorization or X-Optimize-Service-Token results in a full recreation of the user session with valid new cookies
- disable the automatic refresh of the X-Optimize-Authorization cookie in a SaaS environment
- ideally align the expiry of both cookies, using the shotest lifetime either being the one of the access-token or the config `security.auth.token.lifeMin`
This is the controller panel for Smart Panels app
- mentioned in