Hey there! I'm currently building a React frontend that uses the Visual Embed SDK to initialize and display embedded content. The Authentication type is Basic.
When I reload the page it forgets that it has initialized and authenticated already. Is there a way I can check whether the user has already logged in or not?
26 Replies
We usually set the cookie when authenticating through the Basic authentication. Any specific reason for using this authentication? We do not recommend using this auth type in prod environments.
We are building an early access version of our site for a few customers and do not have our own authentication mechanism. By using the Basic version, it simplifies things from our end.
Is there a specific cookie I can look for to know that the user has already logged in?
Is there any other mechanism I can use?
We use the JSESSIONID in the cookies for auth. Other than that, you can use TrustedAuthToken/TrustedAuthCookieless, and the latter scheme will be helpful in the longer run since browsers have plans to start deprecating 3rd party cookies.
Both TrustedAuthToken/TrustedAuthCookieless require a user to be authenticated beforehand and so cannot be used in the current use case.
For JSESSIONID, could you tell me more about this cookie? I'm assuming it's set when the user logs in, but will the cookie be deleted when the user logs out?
yes
I just gave it a go in my browser and even though I have logged out I can see the cookie still there.
I think that cookie is invalidated upon logout. Though I am not sure. Let me ask internally.
Yes, that cookie is invalidated internally and not deleted.
I would still recommend going through this and having a better auth scheme: https://developers.thoughtspot.com/docs/embed-auth#basic-auth-embed
Hey @rumana-hf, it should not be logging you out upon reload in any auth. Do you have any cookie clearing mechanism which might be causing this? After auth we should have a cookie that has a validity date. Is this happening on your normal TS login as well?
@shikharTS so does this mean I can check for JSESSIONID and, if it exists, assume that a session is active?
Yes, for basic auth this JSESSIONID should be present.
But it should not be removed on refreshing in the first place.
When I log out, will the JSESSIONID be removed?
It is invalidated.
cc @Swarnika @jbc
Yes, you can check for the presence of JSESSIONID to determine if a session is active. However, remember:
The cookie is invalidated upon logout but may not be deleted from the browser.
Simply checking for the presence of JSESSIONID doesn’t guarantee that it is still valid.
Debugging the Reload Issue:
Verify there are no scripts clearing cookies on page reload.
Check if your browser or application settings are preventing cookie persistence (e.g., incognito mode or strict privacy settings).
How do we check that the JSESSIONID is valid or not?
Just to give a bit of context, we're building an application that uses the ThoughtSpot login via AuthType: Basic to let users in via the Visual Embed SDK. After that there are a number of pages that have embedded ThoughtSpot content. The user can then click 'Logout' and it uses ThoughtSpot's logout method.
This is built in React. When the user logs in and clicks on the pages, that's fine, but when the user hits refresh, I need a way for my application to know that the user has already authenticated and that there is an active session.
Refresh should not remove/invalidate the JSESSIONID cookie. If a user logs out of TS, the cookie will be invalidated on the TS side, so your app need not do anything.
Is there some way my application can check whether there is an active session so that it does not take the user to the login screen?
You can send a request to an endpoint that requires authentication and check the response status, e.g. /session/info
Is this via the Visual Embed SDK or the API?
API
Can I use both the API and Embed SDK at the same time?
Is there an endpoint you recommend for the check?
@rumana-hf - Check: https://developers.thoughtspot.com/docs/Interface_AuthEventEmitter#_on
This should help you. In case the JSESSIONID has expired, AuthFailure events will be emitted. You can use those to redirect your users to the homepage.
@utsav.kapoor Thanks for this. I still need to initialize the SDK first for this AuthEventEmitter to work. However, when I reload the application I lose the initialization and will need to do the authentication again. Are there any issues with mixing the API with the Visual Embed SDK?
No issues in mixing, as both will give their results. Just ensure that you handle the responses correctly.
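
Added example (not part of the thread and not ThoughtSpot's code): a reload-time session probe along the lines suggested above, which asks the server whether the session is still valid instead of trusting that a JSESSIONID cookie is present. The host is a placeholder, the path is the one quoted in the thread (confirm the full path for your API version), the function names are hypothetical, and treating 401/403 as "expired" is an assumption based on ordinary HTTP conventions.

```javascript
// Placeholder host; replace with your own instance URL.
const TS_HOST = "https://thoughtspot.example.com";
// Path as quoted in the thread; the real API may need a version prefix.
const SESSION_PROBE_PATH = "/session/info";

// Map the probe's HTTP status to a session state.
function classifyProbeStatus(status) {
  if (status >= 200 && status < 300) return "active";
  if (status === 401 || status === 403) return "expired"; // assumed convention
  return "unknown"; // 5xx, redirects, anything else: never treat as logged in
}

// Ask the server about the session. The cookie is only sent along with the
// request; the code never reads it, so a stale, invalidated cookie that is
// still sitting in the browser cannot be mistaken for a live session.
async function checkSession(fetchImpl = globalThis.fetch, host = TS_HOST) {
  try {
    const res = await fetchImpl(host + SESSION_PROBE_PATH, {
      method: "GET",
      credentials: "include", // send the session cookie cross-origin
      headers: { Accept: "application/json" },
    });
    return classifyProbeStatus(res.status);
  } catch (err) {
    return "unknown"; // network or CORS failure
  }
}

// Decide what the app does on reload. Fails closed: only a confirmed
// active session skips the login screen.
async function routeOnReload(fetchImpl = globalThis.fetch) {
  const state = await checkSession(fetchImpl);
  return state === "active" ? "init-embed" : "show-login";
}
```

In a React app, `routeOnReload()` would run once on mount, before deciding whether to render the login form or the embedded pages.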